ClawHub

Sleep

Security checks across malware telemetry and agentic risk

Overview

This sleep-tracking skill is not malicious, but it should be reviewed because it tells the agent to persist sensitive sleep-related information from very broad sources, including casual conversations, without clear opt-in or deletion limits.

Install only if you are comfortable with the agent remembering sleep and wellness details from conversations and possible device or environmental data. Before using it, set explicit allowed sources, require confirmation before saving incidental or inferred observations, and know how to inspect and delete ~/sleep/memory.md.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

High
Confidence
97% confidence
Finding
The skill explicitly instructs collection of sleep mentions from ANY source, including conversations, wearables, and spontaneous comments, which creates an overly broad intake scope for sensitive health-adjacent data. In this context, the broad trigger is especially risky because the skill also persists user-specific memory, enabling silent accumulation of intimate behavioral information without clear consent boundaries or contextual limits.

Missing User Warnings

High
Confidence
95% confidence
Finding
The metadata describes adaptive sleep tracking but does not clearly disclose that sensitive sleep-related information from conversations and wearables will be stored persistently in a user-specific file. This is dangerous because users may share casual comments without realizing they are being converted into long-term health-related memory, undermining informed consent and increasing privacy harm if the data is later accessed or misused.

Ssd 3

Medium
Confidence
92% confidence
Finding
The instructions encourage broad, persistent collection of sleep-related information across multiple sources without clear minimization, retention limits, or necessity constraints. Even if intended for personalization, this creates a privacy and surveillance risk because the skill can continuously infer and store sensitive patterns beyond what is needed for a narrowly scoped sleep function.

Ssd 3

Medium
Confidence
94% confidence
Finding
The instruction to observe conversations and fill persistent memory promotes ongoing logging of user statements into a durable profile, which can capture sensitive health-adjacent signals without a discrete user action. This is more dangerous in this skill because the stored categories include schedule, correlations, preferences, and flags, enabling longitudinal profiling from casual conversation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal