Proprioception

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local self-monitoring tool that analyzes conversation text and runs bundled Node scripts, with no artifact evidence of network transfer, credential access, or durable storage.

Install this only if you want an always-on local self-check layer that analyzes conversation text during active sessions and may change how the agent responds when it detects drift or low confidence. Treat the scores as heuristics, and do not enable any future telemetry aggregation unless it has explicit consent, minimization, retention limits, and privacy controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Context-Inappropriate Capability

Medium, 91% confidence
Finding
The documentation explicitly expands the skill from real-time, per-session self-monitoring into systematic cross-session telemetry collection and aggregation. That creates a data collection and secondary-use risk not required for the stated function, encouraging retention, profiling, and reuse of conversational metadata without clear necessity, minimization, consent, or governance controls.

Vague Triggers

Medium, 90% confidence
Finding
The skill declares that it runs automatically and silently on every conversation turn, which creates an overly broad activation scope. Even though the described analysis is local and intended for quality control, always-on invocation increases the chance of unintended processing in contexts where the user did not request or expect this behavior.

Missing User Warnings

Medium, 88% confidence
Finding
The skill says it runs silently in the background on every turn and only surfaces when thresholds are crossed, which means continuous monitoring of conversation content occurs without explicit user-facing disclosure. While this is not overtly malicious, hidden analysis can violate user expectations, privacy norms, and platform consent requirements.

Missing User Warnings

Medium, 93% confidence
Finding
The implementation instructs the agent to execute a local Node.js subprocess on every turn using conversation-derived values as command arguments, without any user-facing notice that command execution is occurring. This expands the trust boundary from pure prompt behavior to host-side code execution and can become dangerous if the script, runtime, or argument handling is unsafe or if the environment did not intend skills to spawn processes.

VirusTotal

65/65 vendors flagged this skill as clean.
