Friend

Security checks across malware telemetry and agentic risk

Overview

This companion skill is coherent and non-executable, but it asks the agent to keep a long-term local profile of sensitive personal, relationship, and conversation history without clear user controls.

Install only if you are comfortable with an AI companion keeping local notes about your life, relationships, patterns, and conversations under ~/friend/. Review and delete those files yourself if you do not want details retained, and avoid sharing highly sensitive information unless you explicitly want it remembered.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
97% confidence
Finding
The skill explicitly instructs the agent to persist sensitive personal information such as relationships, life situation, values, patterns, and interaction history across sessions, but provides no user-facing notice, consent flow, retention limits, or privacy safeguards. In a companionship context, users are especially likely to disclose intimate information, so silent long-term storage materially increases privacy and surveillance risk.

Missing User Warnings

Medium
93% confidence
Finding
The skill explicitly instructs persistent collection and retention of sensitive personal context, relationships, emotional patterns, and follow-up items, but it does not include a clear privacy notice, consent mechanism, or limits on storage and use. In a companionship skill, this is especially risky because users are likely to disclose intimate information, making undisclosed memory retention more privacy-invasive and potentially manipulative if reused unexpectedly.

Ssd 3

Medium
95% confidence
Finding
These instructions direct the agent to create a workspace, keep critical user information in persistent files, and update them continuously as it learns about the user. That is a true privacy-relevant vulnerability because it establishes ongoing collection and retention of personal data without consent, purpose limitation, or any boundary on what may be logged.

Ssd 3

High
99% confidence
Finding
The defined file structure and template call for persistent storage of highly personal data: current life situation, key people, values, energy patterns, stress signals, open loops, detailed context, and full interaction history. In a 'Friend' skill, this context makes the issue more dangerous because the role is designed to elicit emotional disclosure, creating a rich longitudinal profile that could be misused or exposed.

VirusTotal

64/64 vendors flagged this skill as clean.
