Context Recovery

Security checks across malware telemetry and agentic risk

Overview

This skill reads recent conversation/session history to restore lost context, and that behavior is disclosed, bounded, and aligned with its purpose.

Install this only where it is acceptable for the agent to inspect recent channel and session history when context appears missing. Avoid enabling it in highly sensitive channels unless platform history permissions are tightly scoped, and decline any optional memory caching unless you have reviewed the recovered summary.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 92%
Finding
The manual trigger phrases are broad enough to match ordinary conversational turns like 'continue' or 'where were we?', which can cause the skill to activate without the user understanding that channel/session history will be queried. In this skill, unintended activation is more sensitive because the recovery flow explicitly reads prior message history and possibly session history, creating a privacy and consent risk rather than a direct code-execution risk.

Vague Triggers

Medium
Confidence: 90%
Finding
The condition 'user implies prior work exists but context is unclear' is highly subjective and leaves activation to the agent's interpretation, which increases the chance of over-collection of historical data. Because this skill is designed to pull channel and session history, ambiguous boundaries directly translate into avoidable privacy exposure and unexpected behavior.

Vague Triggers

Medium
Confidence: 87%
Finding
The auto-trigger logic references an undefined 'continuation_patterns' set, so the effective scope of activation is unspecified and could become overly permissive in implementation. In a skill that proactively recovers context and reads message/session history without waiting for the user to ask, undefined scope is dangerous because it can silently broaden surveillance-like behavior.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs the agent to prioritize channel/session API history for context recovery but does not require a user-facing privacy notice or consent at invocation time. Since the skill may auto-trigger and access prior messages across channels or sessions, users may be unaware that additional historical content is being inspected, creating a meaningful privacy and trust risk.

VirusTotal

65/65 vendors flagged this skill as clean.
