ClawHub

Friends

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent friendship tracker, but it asks an agent to keep long-lived notes about other people’s sensitive life events without enough privacy controls or explicit save boundaries.

Review before installing. Use only if you want persistent local friendship profiles, require explicit confirmation before saving or updating anyone’s details, avoid storing health, mental health, pregnancy, family, legal, or hardship information unless truly necessary and appropriate, keep ~/friends/ private, and periodically delete or redact old notes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill is explicitly designed to create and maintain files about real people under ~/friends/, including birthdays, relationship status, health struggles, and interaction history, but it gives no warning about the privacy sensitivity of storing third-party personal data. That omission increases the likelihood users will persist sensitive information without informed consent, minimization, or protection, creating avoidable privacy and misuse risk.

Ssd 3

Medium
Confidence
97% confidence
Finding
These instructions direct the system to persist and later resurface sensitive personal information about third parties, such as divorce, moves, and other life circumstances. Because the skill's purpose is relationship tracking rather than a regulated or clearly consent-based recordkeeping context, the context makes this more dangerous, not less, by normalizing long-term storage of intimate details in plain files.

Ssd 3

Medium
Confidence
98% confidence
Finding
The skill instructs ongoing logging of personal interactions, emotional state, and follow-ups in readable markdown, creating a durable dossier of private conversations and inferred feelings. This is risky because such records can expose sensitive interpersonal information if accessed by others, and the proactive resurfacing feature amplifies the privacy impact by repeatedly reusing stored sensitive context.

Ssd 3

High
Confidence
99% confidence
Finding
This section encourages tracking highly sensitive third-party data including illness, mental health struggles, divorce, pregnancy, and family loss. Persisting this kind of data in a personal friendship system is especially dangerous because it exceeds what is necessary for casual relationship maintenance and creates a high-impact privacy risk if the files are exposed, synced, or reused without the subject's knowledge.

VirusTotal

56/56 vendors flagged this skill as clean.

View on VirusTotal