Mind Engine

Security checks across malware telemetry and agentic risk

Overview

This is a general reasoning skill, not malware, but it asks to activate on almost any question and to save user-specific memory after each dialogue without clear consent or limits.

Install only if you are comfortable with a general reasoning skill that may try to participate in many ordinary prompts. Configure it to require explicit invocation and explicit approval before saving memories or reading any knowledge-base files, and avoid pointing it at sensitive personal or work documents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The instruction to update user memory after each dialogue creates a real privacy and data-governance risk because it encourages persistence of user-specific preferences, constraints, and potentially sensitive contextual details without any stated minimization, consent, retention, or access controls. In a general-purpose thinking skill, this broad memory update behavior is more dangerous because the skill is triggered on many kinds of conversations and may collect more personal data than users expect.

Vague Triggers

Medium
Confidence: 89%
Finding
The README states the engine activates when a user asks "any question," seeks advice, or needs analysis, which creates an extremely broad trigger condition. Overbroad auto-activation can cause the skill to intercept unrelated prompts, override more specific safety- or domain-scoped skills, and apply heavyweight reasoning behavior in contexts where it was not intended or appropriate.

Vague Triggers

High
Confidence: 97%
Finding
The trigger condition is overly broad and causes the skill to activate for almost any user uncertainty, question, or conversational reflection. This can override user intent, unexpectedly insert a complex reasoning framework into unrelated interactions, and increase the likelihood of collecting unnecessary personal or strategic information during normal conversation.

Vague Triggers

High
Confidence: 96%
Finding
The manifest advertises universal auto-activation for nearly any request, which creates a policy and safety risk because the skill may seize control of broad conversations without clear user consent. In combination with multi-stage questioning and memory instructions, this broad trigger surface amplifies privacy and prompt-scope risks.

Ssd 3

Medium
Confidence: 95%
Finding
The instruction to record user preferences and constraints across dialogues creates a genuine data retention risk because those details may include sensitive personal, professional, or behavioral information. Without explicit consent, storage limits, and handling rules, the skill encourages accumulation of longitudinal user profiles beyond what is necessary for a single conversation.

Ssd 3

Medium
Confidence: 96%
Finding
A rule to update user memory after every dialogue operationalizes ongoing collection and persistence of user-provided information, creating a continuous privacy exposure. The skill context makes this more concerning because the framework is meant to engage broadly and elicit detailed goals, constraints, risks, and prior experiences, all of which can be sensitive when aggregated over time.

VirusTotal

VirusTotal findings are pending for this skill version.
