Auto Drive

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it uploads and retrieves user-selected files or memory notes from permanent Auto-Drive storage, with meaningful but disclosed privacy risks.

Install only if you want an agent to upload chosen files or memory notes to Auto-Drive. Do not upload secrets, credentials, private documents, personal data, or proprietary context unless you have intentionally redacted or encrypted it. Treat every memory save as public and permanent, and review recalled chain content before letting it influence future agent behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Severity: Low
Confidence: 87%
Finding
The comment says the default state-file path is trusted, but it is derived from OPENCLAW_WORKSPACE, which is an environment variable and therefore attacker-controllable in many execution contexts. Because the explicit path validation is skipped for this default path, a hostile environment can redirect reads and writes of the state file and MEMORY.md outside the intended workspace, potentially overwriting sensitive user files under the account.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The invocation guidance uses broad phrases like 'store permanently' and 'save memory' that can trigger irreversible public uploads from ordinary conversational language. In this skill's context, activation is especially risky because the action writes immutable data to decentralized storage, so accidental invocation can cause permanent disclosure of sensitive or private information.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill lists invocation cues for upload and memory-save behaviors without placing a prominent warning nearby that these actions are permanent and public. Although the warning appears later in the document, separating it from the activation guidance increases the chance that an agent or user will invoke the skill without appreciating that uploaded content cannot be revoked and may expose sensitive data indefinitely.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The script prompts for an API key and then persists it to local config files, but it does not clearly warn the user that the credential will be stored on disk or discuss the security implications. In a skill designed for decentralized storage access, this increases the chance users unknowingly leave a long-lived secret in plaintext or broadly readable locations, which could be exposed through local compromise, backups, or accidental sharing of config files.

VirusTotal

64/64 vendors flagged this skill as clean.