ClawHub

Daily Planner

Security checks across malware telemetry and agentic risk

Overview

This is a coherent planner skill, but it asks the agent to automatically change calendars, notifications, messages, sharing, and stored conversation-derived commitments without enough user control.

Install only if you are comfortable with a planner that may use calendar, email, notification, contact, and conversation context. Before use, require confirmation before it writes calendar events, pauses notifications, enables auto-replies, shares summaries, sends drafts, cancels meetings, or saves commitments, and periodically review or delete the ~/planner/ data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly states that user planning data, current day plans, commitments, and archives are stored under `~/planner/`, but it provides no notice, consent flow, retention policy, or access protections. This creates a privacy risk because sensitive behavioral and scheduling data may be retained locally in a predictable location and exposed to other local users, backups, or malware.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill says every promise made is logged automatically and that commitments are extracted from conversations, which implies ongoing monitoring and retention of potentially sensitive conversational content without explicit notice or opt-in. In a planner context, these extracted commitments can reveal relationships, deadlines, work obligations, and personal matters, making the privacy impact more serious than generic note-taking.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs the agent to automatically block calendar time whenever an energy-peak window is open, without requiring explicit user confirmation or even a visible warning. Calendar modification is an externally visible side effect that can disrupt commitments, create scheduling errors, and reduce user trust if done autonomously.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Automatically pausing notifications and enabling an auto-reply changes communication behavior on the user's behalf without clear consent. If triggered at the wrong time, this can suppress important messages, mislead contacts about availability, and interfere with business or personal communications.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The meeting-prep flow directs the agent to automatically gather attendee information and contextual history, including last contact and pending items, without a privacy notice or scope limits. In a calendar assistant, this increases the risk of over-collecting sensitive relationship, work, or personal data and surfacing it in contexts the user did not intend.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The profile says to unify calendars and automatically block family events in the work calendar, which implies modifying calendar data without any explicit confirmation, warning, or consent boundary. In a planning skill, this is risky because it can create, alter, or duplicate events across sensitive personal and work calendars, leading to privacy exposure and unintended schedule changes.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The instruction to share a daily summary with a partner describes transmitting personal scheduling information without any privacy notice, consent flow, or control over what is shared. Because this profile includes work, school, medical, and family commitments, automatic sharing could disclose sensitive or confidential information to another person or channel unintentionally.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
Emergency mode includes canceling or postponing non-critical work meetings and sending pre-drafted messages, but it does not state that the user must approve those schedule changes first. Automatic cancellations in a work context can disrupt professional obligations, notify third parties unexpectedly, and create reputational or operational harm if triggered incorrectly.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger phrase "plan my day" is broad and commonly used in normal conversation, which can cause the routine to activate unintentionally or too often. Because this skill can be triggered automatically and may act on calendars, commitments, and possibly email-derived inputs, ambiguous invocation increases the risk of unwanted scheduling changes, overcollection of context, or user confusion about whether they explicitly initiated planning behavior.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger phrases are broad enough to capture ordinary conversational statements as durable commitments without clear consent or disambiguation. In a planning skill that persistently stores extracted items under ~/planner/commitments and later surfaces reminders, this can create incorrect records, privacy issues, and prompt the agent to act on misunderstood intent.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The follow-up tracking phrases are ambiguous and can match casual status updates or quoted speech, causing the system to infer waiting states and generate follow-up prompts without reliable user intent. Because this skill integrates reminders and prioritization into daily planning, these false inferences can distort task management and potentially expose relationship or communication details in stored records.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal