ClawHub

Cognitive State Tracker - 通用认知状态追踪系统

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it creates a persistent psychological profile from journals/logs with broad triggers and global reuse across future replies.

Install only if you intentionally want long-term diary or work-log based cognitive tracking. Before use, choose exactly which files or conversations may be analyzed, avoid broad automatic triggers, review saved snapshots, and make sure you have a way to pause, delete, or reset the stored profile.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The auto-trigger `after_daily_input_detection` is underspecified and, combined with broad file patterns for logs/journals, can cause the skill to activate on ordinary personal writing without a narrowly scoped consent boundary. In a skill that performs persistent psychological profiling and storage, ambiguous triggering materially increases the chance of collecting and processing sensitive data unexpectedly.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill is described as applicable to essentially any long-term AI collaborator and any journaling/logging workflow, which encourages deployment across broad personal contexts without minimizing scope. Because the skill stores inferred emotional and cognitive state over time, this broad applicability increases the likelihood of over-collection and use outside the user's intended context.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The storage section mandates persistent retention, including immutable historical state files and rolling latest snapshots, but does not present a clear upfront warning about long-term retention of sensitive diary-derived inferences. Users may not realize that emotional summaries, unresolved issues, and inferred traits will be stored across sessions and remain available for later retrieval.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill directs continuous monitoring and proactive alerts based on diary analysis, effectively turning private journaling into ongoing behavioral surveillance without an explicit privacy warning or fresh consent. This is especially risky because the monitored data includes mental state, stress, isolation, and other highly sensitive inferences that could be surfaced unexpectedly later.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill establishes a standing cross-session system to read, analyze, preserve, and summarize diary content, which creates a durable repository of sensitive personal information and inferred psychological state. This is dangerous because later prompts can implicitly draw on highly intimate historical data the user may not expect to be reintroduced or retained indefinitely.

Ssd 3

High
Confidence
99% confidence
Finding
The workflow explicitly instructs extraction and storage of sensitive inferences from journals, including emotions, interpersonal interactions, body signals, unresolved matters, and narrative assessments of the user's mental state. This goes beyond simple note-taking into structured profiling, increasing harm from unauthorized access, unintended reuse, or inaccurate inferences being treated as persistent truth.

Ssd 3

Medium
Confidence
96% confidence
Finding
Requiring the agent to load `STATE_LATEST.json` before answering any question injects prior sensitive personal-state data into all future interactions by default, even when unrelated to the user's current request. This creates an unnecessary privacy spillover risk, where historical mental-state profiling can influence responses or be surfaced outside the original journaling context.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal