Meta Knowledge Base

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local knowledge-base skill, but it promotes broad automatic capture and persistent storage of private content without clear controls.

Install only if you intentionally want a persistent personal knowledge base. Use explicit source selection, avoid secrets and private folders, and verify how to inspect and remove data under ~/.meta_knowledge before enabling conversation hooks, watched folders, email ingestion, or automatic learning.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

High
Confidence: 97%
Finding
The skill advertises automatic capture of chats, documents, web pages, and monitored folders without any visible consent flow, scope limits, or privacy warning. Because these sources commonly contain personal, confidential, or credential-bearing data, automatic ingestion can lead to overcollection and persistent storage of sensitive information.

Missing User Warnings

High
Confidence: 98%
Finding
Email ingestion is especially sensitive because emails often contain personal data, internal business information, tokens, attachments, and password reset links. Documenting email parsing with no warning or safeguards encourages unsafe handling of highly sensitive content.

Missing User Warnings

High
Confidence: 98%
Finding
The OpenClaw hook example automatically stores derived content from user messages after every interaction, without notice or consent. In practice, conversation content can include secrets, personal information, proprietary prompts, or regulated data, so silent persistence materially raises privacy and leakage risk.

Ssd 3

Medium
Confidence: 94%
Finding
Unbounded storage of user interaction content creates a natural-language data leakage path: later search, RAG retrieval, summaries, or exports may surface prior sensitive conversations to unintended users or contexts. The skill's knowledge-base purpose makes this risk more acute because retained content is designed to be retrieved and reused.

Ssd 3

Medium
Confidence: 91%
Finding
The phrase 'Remember everything' promotes indiscriminate retention behavior, which is unsafe for a system intended to ingest conversations, documents, web content, and emails. In this context, broad retention increases the chance that sensitive or regulated information is stored longer than necessary and later exposed through retrieval features.

VirusTotal

65/65 vendors flagged this skill as clean.
