ClawHub

Cofounder

Security checks across malware telemetry and agentic risk

Overview

This is a coaching-style skill that stores local founder and business notes, which fits its purpose but deserves privacy awareness.

Install only if you are comfortable with a local ~/cofounder/memory.md file containing business plans and personal working-style notes. Ask the agent to confirm before saving memory, set off-limits topics, and review or delete that file if it becomes too sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Memory PoisoningPersistent Context Injection, Context Window Stuffing, Memory Manipulation
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly directs creation and ongoing maintenance of a persistent memory file containing personal profile details, work habits, blind spots, preferences, and observations, but provides no privacy guardrails, minimization guidance, retention limits, or warning against storing sensitive information. In a coaching/cofounder context, those fields can accumulate sensitive behavioral and business information that could be exposed, over-retained, or reused beyond the user's expectations.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly directs the agent to persist sensitive user profiling data to memory.md while also telling it to avoid mentioning the setup process or technical implementation to the user. That creates undisclosed collection and retention of personal and behavioral data, which can violate user expectations and increase privacy, consent, and downstream misuse risks.

Persistent Context Injection

Medium
Category
Memory Poisoning
Content
- Their personal profile (strengths, blindspots, style)
- The dynamic you'll bring (where to challenge them)

Save this in memory.md. Update it as you learn more over time.

## Integration
Confidence
95% confidence
Finding
Save this in memory

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal