Personal Knowledge Base

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Markdown knowledge-base skill whose local note writing, link fetching, search, and inbox cleanup are disclosed and fit its stated purpose.

Install this if you want an agent to maintain a local Markdown knowledge base. Do not send secrets or private material unless you are comfortable storing it under ~/kb/. Be aware that link handling may contact external sites, and review inbox processing before letting items be removed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Severity: Medium
Confidence: 90%
Finding:
The description is broad enough to activate on routine user messages, which can cause the skill to capture and persist content the user did not explicitly intend to store. In a note-taking skill, this creates a real risk of unintended data collection and file creation because ordinary conversation can be reinterpreted as save-worthy input.

Vague Triggers

Severity: Medium
Confidence: 94%
Finding:
The trigger list includes extremely common inputs like questions, reminders, random thoughts, and rambling text, so the skill may over-trigger during normal conversation. Because the skill writes to a persistent knowledge base, overbroad triggers can lead to accidental storage of sensitive or irrelevant content without clear consent.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The skill directs creation of a workspace and persistent note files but does not warn the user that it will modify local data. Silent file creation in a home directory can surprise users, create privacy issues, and make it harder to distinguish intentional notes from accidental captures.

Missing User Warnings

Severity: High
Confidence: 97%
Finding:
The instruction to delete inbox content after processing is a destructive operation with no stated confirmation, backup, or recovery mechanism. If processing is mistaken or lossy, original user material may be permanently removed, making this more dangerous than ordinary note creation.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
Fetching URLs and summarizing linked content introduces network access and possible transmission of user-provided links or associated context, but the skill does not disclose this behavior. In a personal knowledge-base context, users may share sensitive internal or private URLs, making undisclosed remote fetching a meaningful privacy and security concern.

VirusTotal

66/66 vendors flagged this skill as clean.
