my study pal

Security checks across malware telemetry and agentic risk

Overview

This study assistant is not malicious, but it is designed to automatically save learning conversations and user profile details in local files in ways users may not expect.

Install only if you are comfortable with the skill creating a `mystudy/` folder in your workspace and saving study topics, conversation details, and long-term preferences there. Avoid using it for sensitive personal, workplace-confidential, medical, legal, financial, or credential-related explanations unless you first constrain or disable recording and periodically review or delete the saved files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (23)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill instructs the agent to read and write workspace files under `mystudy/`, but no explicit permission declaration or user-facing consent boundary is present. This creates an authorization gap where persistent file access is implied by natural-language instructions, increasing the chance of unintended data modification or retention.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The setup directs the agent to execute PowerShell and Python scripts during initialization, which gives a concept-explanation skill unnecessary code-execution capability and a path to modify the workspace. Even if intended for convenience, this expands the attack surface because script contents may change files, access additional data, or behave unexpectedly without explicit user approval.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The activation rules are broad enough to trigger on ordinary concept questions and generic educational requests, without clear exclusions or confirmation. Because the skill also performs persistent profile and study-record updates, overbroad triggering can silently cause data collection and file writes in situations where the user did not intend to invoke long-term storage.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill states that it will maintain `mystudy/` records, including study summaries and user profiles, but does not clearly warn users that their inputs and preferences may be stored persistently in workspace files. This can lead to non-transparent retention of personal or sensitive information, especially when users think they are only asking a one-off concept question.

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The skill content and metadata consistently prescribe Chinese-language behavior without clearly stating that this is conditional on user preference or an explicit opt-in. This can override a user's requested language, reduce accessibility, and create unsafe mismatches if a user needs critical explanations in another language and the agent remains constrained to Chinese.

Missing User Warnings

High
Confidence
97% confidence
Finding
These rules direct the agent to persist conversation-derived study records by default whenever a concept explanation occurs, but they do not require explicit user notice or consent before retention. That creates a real privacy risk because users may disclose sensitive educational, professional, or personal information under the assumption the exchange is ephemeral, while the system silently stores it for later reuse.

Missing User Warnings

High
Confidence
98% confidence
Finding
The instruction to keep complete dialogue transcripts in detail files materially increases the sensitivity of stored data, since full transcripts often contain incidental personal data, secrets, or contextual details not needed for learning continuity. Without an explicit warning and consent flow, this broad retention expands both privacy harm and breach impact if the stored files are exposed.

Missing User Warnings

High
Confidence
98% confidence
Finding
The user-profile rules instruct long-term collection of work domain, hobbies, learning history, and enduring teaching/style preferences, but they do not require explicit user awareness or consent. This is dangerous because it builds a persistent profile of personal attributes and behavioral preferences that could be misused, over-retained, or exposed beyond the user's expectations.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The file defines persistent local storage under the workspace root and frames creation/maintenance as the default behavior, but does not require a user-facing disclosure or consent step before writing conversation-derived data. That creates a privacy and transparency risk because users may not realize their interactions and profile information are being persisted across sessions.

Missing User Warnings

High
Confidence
97% confidence
Finding
The initialization rules mandate automatic first-use file and directory creation and state that the system must auto-complete the storage skeleton before recording data, but they do not require notice or permission from the user. Because the stored content includes study history and user profile data, silent initialization materially increases privacy risk and can surprise users with undeclared persistence.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
These instructions tell the agent to create the `mystudy/` directory structure and populate persistent files automatically, but do not require any user-facing notice or consent. Silent workspace modification is risky because users may not expect a terminology helper to write files or initialize state on their behalf.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The setup specifically instructs running initialization and refresh scripts that alter workspace state, again without requiring explicit user approval. This is more dangerous than simple file creation because script-driven changes can be broader and less transparent to the user.

Ssd 3

Medium
Confidence
96% confidence
Finding
Default logging of explanatory conversations and complete per-topic dialogue records creates a meaningful data-retention risk because users may include personal, work, health, financial, or proprietary context while asking for explanations. Storing full conversation content in plain Markdown increases exposure through later unintended access, reuse, or leakage from the workspace.

Ssd 3

Medium
Confidence
93% confidence
Finding
The skill directs collection and reuse of long-term user background, teaching preferences, and language style, creating a persistent semantic profile that can reveal sensitive traits over time. Even if each individual datum seems harmless, accumulated profile data can enable intrusive inference, over-personalization, or misuse beyond the immediate learning task.

Ssd 3

Medium
Confidence
95% confidence
Finding
Automatically updating long-term profile storage in the same turn when the user mentions background or preferences encourages silent persistence of information that may have been shared only for immediate context. This is dangerous because it collapses conversational context into durable memory without an explicit checkpoint for user awareness or consent.

Ssd 3

Medium
Confidence
93% confidence
Finding
Requiring storage of full user dialogue and related profiling details creates a natural-language data retention risk even if no code execution is involved. The skill context makes this more dangerous because educational conversations often elicit background details, goals, confusion points, and sometimes work or study information that accumulates into a sensitive behavioral record over time.

Ssd 3

Medium
Confidence
95% confidence
Finding
The requirement to preserve the 'complete dialogue process' directs indiscriminate retention of all user inputs, including content unrelated to the concept itself. This increases the chance that sensitive or irrelevant data is captured and later exposed, and it is especially problematic because the rule frames broad retention as mandatory rather than exceptional.

Ssd 3

Medium
Confidence
94% confidence
Finding
These profiling rules establish persistent collection of user attributes and recent learning history, which creates a durable privacy and leakage surface. In a study-assistant context, such data may seem harmless individually, but combined over time it can reveal occupation, interests, routines, and cognitive patterns, making the profile materially sensitive.

Ssd 3

Medium
Confidence
96% confidence
Finding
The specification requires storing full dialogue transcripts in per-topic files and separately maintaining user profile data, which can capture sensitive personal, professional, or behavioral information far beyond what is needed for concept explanations. Full transcript retention increases the chance of unintended disclosure, over-collection, and later resurfacing of sensitive content.

Ssd 3

Medium
Confidence
95% confidence
Finding
The profile schema encourages long-term storage of user work domain, interests, recent learning topics, and detailed teaching preferences, creating a semantic profile that can reveal habits, occupation, and inferred personal traits. In an educational assistant, that data collection may seem helpful, but without strict minimization and consent it creates persistent privacy risk.

Ssd 3

Medium
Confidence
94% confidence
Finding
The runtime rules require immediate persistence of any user-stated long-term preference in the profile file, which promotes automatic retention of user-provided information without a confirmation checkpoint. This is dangerous because users may express tentative preferences conversationally and not expect them to become durable profile data.

Ssd 3

Medium
Confidence
96% confidence
Finding
The skill instructs the system to collect and persist user profile attributes such as work domain, interests, learning history, and preference data across sessions. Long-term retention of conversation-derived personal information creates privacy and leakage risk, especially when there is no clear consent, minimization, or retention control.

Ssd 3

Medium
Confidence
97% confidence
Finding
The file explicitly requires saving dialogue records, learning topics, and user profile details into persistent markdown files, which can accumulate sensitive natural-language data over time. Such records may expose personal interests, work context, or inferred traits to anyone with workspace access and increase the blast radius of any later compromise.

VirusTotal

VirusTotal findings are pending for this skill version.