Academic Knowledge Base Clawhub

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent academic knowledge-base helper, but it needs review because it persistently stores research material and uses external services while its triggers and privacy wording are too broad.

Install only if you are comfortable with a persistent local academic database, shared SmartLib credentials/quota, and possible external processing through SmartLib or a configured embedding provider. Avoid importing sensitive unpublished papers, datasets, or notes unless you understand exactly which external services are enabled and where the local database and API keys are stored.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases are broad enough that ordinary research-related conversation could unintentionally invoke storage, retrieval, or other side-effecting knowledge-base behaviors. In a skill that persists user content and may consume shared quota, ambiguous activation increases the risk of accidental ingestion of sensitive files, notes, or queries.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The example invocation phrases lack clear scope boundaries and can be interpreted in routine conversation, which may cause the agent to enter this skill unexpectedly. Because the skill can create directories, process uploads, and persist research data, accidental invocation has privacy and integrity consequences beyond a harmless false activation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README describes automatic ingestion of uploaded literature, reports, and personal academic data, but it does not prominently warn at the point of use that these materials will be persistently stored and automatically processed. This is dangerous because researchers may upload unpublished manuscripts, sensitive datasets, or notes without realizing they will become part of a long-lived local knowledge base.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list includes many broad natural-language phrases such as ‘文献管理’ (literature management), ‘论文管理’ (paper management), and ‘研究笔记’ (research notes), which can plausibly appear in ordinary conversation without a clear intent to invoke this skill. That raises the risk of unintended activation, causing the agent to access local files, external APIs, or quota-consuming operations when the user did not explicitly request this academic knowledge-base workflow.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The quick trigger reference describes examples of what users may say, but it does not define boundaries for when similar phrases should not activate the skill or when another skill should take precedence. This ambiguity can lead to overbroad routing, unintended tool use, or accidental execution of state-changing operations in response to loosely related requests.

VirusTotal

VirusTotal findings are pending for this skill version.