MIT 48h Learning Method

Security checks across malware telemetry and agentic risk

Overview

This is a coherent NotebookLM learning helper, but a crafted file URL can execute local Python code and the skill performs authenticated cloud actions with broad activation rules.

Install only if you trust the publisher and are comfortable with NotebookLM/Google account use. Do not pass untrusted file:// URLs, and review or patch convert_file_url before use. Expect the skill to upload selected local files and links to NotebookLM, store the active notebook ID in your home directory, and possibly open a login flow automatically.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 84%
Finding
The script automatically checks session validity and invokes `nlm login` before every command, introducing account/session-management behavior beyond the stated learning workflow. This is risky because it can trigger unintended re-authentication flows, normalize credential handling in automation, and make the skill operate on an authenticated account without an explicit per-action user confirmation.

Context-Inappropriate Capability

Medium
Confidence: 82%
Finding
Automatic re-authentication is not necessary for the core educational purpose of generating learning materials and expands the script into account-management functionality. In this context, that increases the blast radius of the skill: a simple content operation can silently escalate into an authenticated account action, especially problematic on shared machines or when the CLI login flow has side effects such as browser launches or token refreshes.

Vague Triggers

Medium
Confidence: 82%
Finding
The trigger conditions are broad enough to match ordinary requests about learning, summaries, videos, or AI-assisted study, which increases the chance of accidental activation. In this skill, mis-triggering is more concerning because activation can lead to authentication prompts, network calls, and uploads to a third-party service rather than a harmless local transformation.

Natural-Language Policy Violations

Medium
Confidence: 78%
Finding
Defaulting the language environment to zh-CN without an explicit user choice can cause content to be generated or transmitted in an unexpected language, which may confuse users and reduce informed consent. While not as severe as credential or data-exposure issues, it can still mishandle user input and produce unintended third-party processing behavior.

VirusTotal

No VirusTotal findings
