DeepSleep

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a group-memory and briefing tool, but it requests broad cross-chat visibility, stores and reuses conversation history, and can send proactive briefs without sufficiently clear scoping or consent boundaries.

Review before installing. Only use this in workspaces where participants have agreed to cross-chat summarization and retention. Avoid enabling all-session visibility unless required, exclude direct messages and sensitive groups by default, define retention/deletion rules, and require an explicit user action before any brief is sent or prior memory is mentioned in a chat.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Intent-Code Divergence

Severity: Medium
Confidence: 91%

Finding: The skill claims each group only receives its own summary, but other sections explicitly instruct inclusion of cross-group hints and related-group metadata in briefs and snapshots. Even if limited to topic labels, this still discloses information derived from other groups and can violate user expectations or tenant boundaries.

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%

Finding: The skill is presented as a memory persistence workflow, but these instructions expand it into a second-phase dispatch/broadcast action in the same run. That scope expansion increases authority from passive record-keeping to active outbound messaging, which can cause unintended disclosure or user-visible actions without a separately declared capability boundary.

Description-Behavior Mismatch

Severity: Medium
Confidence: 88%

Finding: The instructions extend a memory-persistence skill into schedule/task management, including updating schedule.md, deduplicating entries, and generating reminders based on priority. This broadens the skill from summarization/storage into workflow orchestration, which can alter future agent behavior and create unintended task injection or persistence beyond the declared purpose.

Context-Inappropriate Capability

Severity: High
Confidence: 97%

Finding: Authorizing the use of `exec` to retrieve the current time introduces general command-execution capability into a skill that does not inherently require shell access. Even if the stated purpose is only time lookup, allowing `exec` in skill instructions expands the attack surface and can be repurposed for arbitrary command execution depending on the runtime's tool semantics.

Missing User Warnings

Severity: Medium
Confidence: 93%

Finding: The README explicitly describes scanning all active group chats, correlating information across groups, sending personalized briefs, and persisting per-group memory without any prominent privacy notice, consent requirement, or data-handling boundary. In a multi-chat environment, this can expose sensitive context across sessions and normalize broad retention of user data beyond what participants may expect.

Missing User Warnings

Severity: Medium
Confidence: 96%

Finding: The Quick Start instructs operators to enable `tools.sessions.visibility all`, schedule automated cross-session processing, and create persistent memory storage, but does not warn that this materially broadens data exposure and retention. Because these are operational setup steps, omission of safeguards here is especially risky: users may deploy the skill with organization-wide visibility and long-lived stored summaries without understanding the privacy impact.

Ssd 3

Severity: Medium
Confidence: 96%

Finding: These instructions direct the agent to collect, retain, summarize, and later reuse broad conversation history across groups and direct messages. That creates a real data retention and secondary-use risk, especially because the skill enables cross-session visibility across all sessions and persists information to shared files that may later influence outputs.

Ssd 3

Severity: Medium
Confidence: 94%

Finding: Phase 3 tells the agent to load prior group memory and proactively mention due items or related context when new messages arrive. That increases the chance of surfacing stale, sensitive, or contextually inappropriate information back into conversations without a fresh user request, effectively turning stored data into an automatic disclosure channel.

VirusTotal

63/63 vendors flagged this skill as clean.