LLM Wiki

Security checks across malware telemetry and agentic risk

Overview

This skill openly maintains a local markdown wiki and its file changes are consistent with that purpose, with no evidence of hidden network access, credential use, or destructive behavior.

Install this only for wiki folders where you are comfortable letting an agent edit and reorganize markdown files. Use git or backups before large ingest, compile, lint, or audit runs; review proposed merges and splits; avoid storing secrets in raw sources, audit comments, logs, or generated outputs; and review any generated HTML/JavaScript before opening or embedding it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill's operational steps authorize broad file-writing behavior across multiple directories, including creating summaries, updating concept/entity pages, rebuilding indexes, and writing query outputs, without an explicit up-front warning about the breadth of modifications. In practice, this can lead users to invoke the skill expecting analysis but instead trigger large-scale repository changes, increasing the risk of accidental data loss, overwrite, or unwanted content generation.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The audit workflow not only reads user feedback but appends resolution text and moves files from audit/ to audit/resolved/, yet this state-changing behavior is not surfaced as a user warning in the skill description. Because audit files are part of the human feedback trail, silent mutation or relocation can surprise operators, interfere with external tooling, and make forensic review or synchronization harder if not clearly disclosed.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding:
The guide explicitly states that the Obsidian plugin defaults the `author` field to the OS username and that audit files are stored persistently. This creates a privacy exposure because local account names can reveal real identities or organizational naming conventions, and the document provides no warning, minimization guidance, or safer default for users before persisting that data into the wiki corpus.

Missing User Warnings

Severity: Low
Confidence: 86%
Finding:
The document explicitly encourages generating interactive HTML with JavaScript and opening or embedding it locally, but provides no safety guidance about active content. In this skill's context, that is risky because the content is often LLM-generated and stored in a local knowledge base, so users may trust and render unreviewed scripts that can exfiltrate local data via browser requests, abuse Obsidian/plugin capabilities, or perform other unintended actions in the local environment.

VirusTotal

65/65 vendors flagged this skill as clean.