PV_21

Security checks across malware telemetry and agentic risk

Overview

This skill mainly provides a persona, but it also directs automatic long-term storage and reuse of user preferences and decisions without clear user controls.

Install only if you are comfortable with a local memory feature that may save personal or business preferences and decisions across sessions. Avoid sensitive information unless you can inspect and delete ~/.openclaw/pv_palace/memories.json, and treat the referenced pv_memory helper as unreviewed because it is not included in this artifact.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The skill’s declared purpose is resource-efficient execution, but the body implements a persistent cross-session memory system that stores user preferences, decisions, and contextual data to local disk. This creates a material capability mismatch that can mislead users and reviewers, increasing the chance that sensitive data is retained without informed expectation or proper controls.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill automatically persists user-provided information even though its stated function does not require long-term storage to achieve resource-efficient execution. Unnecessary data collection broadens privacy risk and creates avoidable exposure of sensitive preferences and decisions if the local store is accessed by other processes or users.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill claims a persistent memory capability and automatic retention of user information without presenting a clear warning about privacy, retention, or local file storage. Users may disclose sensitive information believing the interaction is ephemeral, while the skill silently records it across sessions.

Missing User Warnings

Medium
Confidence: 97%
Finding
The usage scenarios instruct automatic writes for user preferences and important decisions but do not warn that these actions persist data to disk. This is dangerous because it operationalizes silent retention of potentially sensitive user information without notice or consent at the moment of collection.

Ssd 3

Medium
Confidence: 94%
Finding
The natural-language instruction establishes cross-session retention of user-provided information by default. Persistent retention without clear necessity or consent increases privacy and compliance risk, especially because preferences and decisions can reveal sensitive personal or business context over time.

Ssd 3

Medium
Confidence: 97%
Finding
The behavioral instructions direct the agent to automatically store user preferences and decisions, which creates silent surveillance-like behavior in ordinary interactions. In this skill context, the memory feature is not obviously required, so the automatic nature makes the issue more dangerous rather than less.

VirusTotal

65/65 vendors flagged this skill as clean.
