glass2claw

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it should be reviewed because it can automatically forward personal photos and create database or Discord records without per-item confirmation.

Install only if you are comfortable with automatic routing of photos from WhatsApp into configured agents, channels, and databases. Use private ingress channels, allowlist destination session keys, use least-privilege database tokens, avoid sensitive or third-party photos without consent, and add a review step before posting images or writing records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence: 90%
Finding
The README explicitly describes automatic ingestion, classification, and database routing of photos received through WhatsApp, but it provides no notice about privacy, consent, data retention, or the sensitivity of captured content. In this skill context, the omission is meaningful because the workflow encourages hands-free capture of potentially personal or third-party data from wearable glasses and immediate transfer into downstream systems, increasing the risk of accidental collection and processing of sensitive information.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill instructs the agent to automatically forward image URLs to another session, which constitutes cross-session data transmission without an explicit user-facing notice or consent step. Even if the URL is only a link, it may expose sensitive personal images, metadata, or access-controlled resources to a different agent context, increasing privacy and data-handling risk.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill directs the agent to write structured data into the user's wine database automatically, but it does not require explicit user confirmation, notification, or any visible disclosure at the time of the action. This creates a risk of unintended data modification, silent persistence of inaccurate extracted information, and privacy issues if images or inferred details are logged without the user's awareness in the specific interaction.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill describes a fully automatic pipeline that receives photos from WhatsApp, classifies them, and writes structured entries into downstream databases without clearly warning the user that persisted records may be created automatically from personal images. Because the input source is a personal camera and the destinations may include third-party services, users may unintentionally store sensitive personal, business, or contact data in systems with broader retention, sharing, or automation than expected.

Vague Triggers

Medium
Confidence: 82%
Finding
The description presents a broad end-to-end automation flow from smart glasses to WhatsApp to automatic database routing, but it does not define clear activation boundaries, user confirmation points, or constraints on when capture and routing occur. In a life-logging context, this ambiguity can lead users or downstream systems to assume always-on or implicit collection behavior, increasing the risk of unintended capture, transmission, and storage of sensitive photos.

Natural-Language Policy Violations

Low
Confidence: 77%
Finding
The description frames WhatsApp as the fixed communication path for the workflow without mentioning user choice, opt-in, or alternative channels. Because the skill handles photos and life-logging data, presenting a mandatory third-party messaging route can normalize transmission of sensitive content to an external service without clearly disclosing or constraining that behavior.

VirusTotal

66/66 vendors flagged this skill as clean.
