Paperclip

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Paperclip setup and operations helper, with disclosed local memory and integration behavior but no evidence of hidden or destructive activity.

Install only if you want your agent to help manage Paperclip setup and remember integration details. Keep tokens and provider keys out of memory files, review saved Paperclip notes periodically, and confirm before running commands that create or update companies, issues, approvals, or agent heartbeats.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 86%
Finding
The activation trigger `when ~/paperclip/ does not exist or is empty` is broad and detached from a narrowly scoped user intent, so the skill may run in many unrelated conversations simply because a local directory is missing. Because the skill then instructs the agent to gather setup and integration context and save preferences to main memory, accidental activation can cause unnecessary data collection, context pollution, and behavior steering outside the user's request.

Vague Triggers

Medium
Confidence: 92%
Finding
The proactive activation criteria cover very broad topics such as AI company setup, multi-agent orchestration, budgets, approvals, and multiple control-plane tools, which overlap with many ordinary conversations. In this context, that breadth is more dangerous because the skill explicitly tells the agent to activate early, infer patterns, and store integration preferences in main memory, enabling overreach, premature tool influence, and persistent state changes without clear user consent.

VirusTotal

64/64 vendors flagged this skill as clean.
