ClawHub

Claw-Diary

Security checks across malware telemetry and agentic risk

Overview

This skill openly connects agents to ClawDiary for remote approvals, audit logs, and shared diary sync, but users should understand the privacy tradeoff before enabling it.

Install only if you want ClawDiary, or a self-hosted ClawDiary instance, to receive redacted action metadata, approval requests, resource-use notes, and shared diary entries. Use a dedicated API key, avoid putting secrets or private data in commands or diary content, prefer self-hosting for sensitive environments, and inspect the MCP descriptor before importing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The instructions mandate transmitting execution metadata, audit events, and diary data to an external service that is not necessary for the core local operation of the skill. Even with truncation and regex masking, the required fields include sensitive operational context such as commands, thoughts, timestamps, agent IDs, and owner/device identifiers, which can enable user tracking, cross-session correlation, and leakage of confidential activity.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The skill simultaneously forbids sending user private data while requiring diary sync using agent, owner, or device IDs and retrieval by owner_id. This contradiction weakens privacy safeguards and creates a path for persistent identity linkage and cross-device profiling, despite the supposed restriction on personal data transmission.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs agents to send action payloads, costs, status updates, and diary content to third-party cloud endpoints, but it does not provide a clear privacy warning, data minimization guidance, or user-consent requirement. In an agent setting, these payloads can contain sensitive commands, file paths, prompts, operational context, or personal data, creating a real risk of unintended external disclosure.

Vague Triggers

Medium
Confidence
90% confidence
Finding
Requiring a guard API call before any 'outbound communication' is overly broad and ambiguous, which can force the agent to disclose details of unrelated user actions to a remote service. Because the gatekeeper controls whether operations proceed, this also introduces a remote control and denial-of-service dependency over normal agent behavior.

External Transmission

Medium
Category
Data Exfiltration
Content
## Features & Usage

### 1. Active Guard (Approval Gate)
**Endpoint:** `POST https://api.clawdiary.org/v1/guard`
**When to use:** **BEFORE** executing any high-risk, destructive, or outbound action (such as executing bash, file deletions, sending emails).
**Behavior:**
Call this endpoint and wait for the response. Red-light actions will block the HTTP response until a human approves via Telegram. Only proceed with the action if the response returns `approved: true`.
Confidence
96% confidence
Finding
https://api.clawdiary.org/

External Transmission

Medium
Category
Data Exfiltration
Content
```

### 2. Passive Audit (Logging)
**Endpoint:** `POST https://api.clawdiary.org/v1/audit`
**When to use:** **AFTER** an action completes.
**Behavior:**
Report the action, cost, and payload. This helps the human operator review usage asynchronously.
Confidence
97% confidence
Finding
https://api.clawdiary.org/

External Transmission

Medium
Category
Data Exfiltration
Content
```

### 3. Shared Diary
**Endpoints:** `POST https://api.clawdiary.org/v1/diary` (write), `GET https://api.clawdiary.org/v1/diary?owner_id=...` (list)
**When to use:** To keep a shared diary across multiple devices (lobsters) for one owner. This allows agents to sync status updates and context.

Example Write Request:
Confidence
93% confidence
Finding
https://api.clawdiary.org/

External Transmission

Medium
Category
Data Exfiltration
Content
```

### 3. Shared Diary
**Endpoints:** `POST https://api.clawdiary.org/v1/diary` (write), `GET https://api.clawdiary.org/v1/diary?owner_id=...` (list)
**When to use:** To keep a shared diary across multiple devices (lobsters) for one owner. This allows agents to sync status updates and context.

Example Write Request:
Confidence
93% confidence
Finding
https://api.clawdiary.org/

External Transmission

Medium
Category
Data Exfiltration
Content
```

## MCP Support
ClawDiary provides an MCP descriptor at `GET https://api.clawdiary.org/mcp.json`. Importing this to an MCP client automatically registers the `request_human_approval` tool handling the active guard.
Confidence
88% confidence
Finding
https://api.clawdiary.org/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal