Archive Project

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed project-archiving workflow, but it handles sensitive local transcripts and should be used only when the user intends long-term retention.

Install only if you want completed-project transcripts retained in a local archive. Before committing, confirm the selected transcript, review the sanitized output, avoid storing unnecessary client contact details, and approve deletion of original session files only after verifying the archive copy is correct.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Scope Creep

High
Confidence: 96%
Finding
The skill documents deletion of session transcripts from the configured session store even though only read access is declared for that path. This creates a dangerous permission/behavior mismatch: an operator may approve or trust a workflow that can destroy audit history or user data without the manifest accurately signaling that destructive capability.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger phrases "archive this" and "can we archive this" are broad enough to match ordinary conversation and may cause the skill to run when the user did not explicitly intend archival. In this skill's context, unintended execution is meaningful because it reads session transcripts, writes archive files, and performs git commits, so accidental activation can cause privacy and integrity issues even without malicious intent.

Missing User Warnings

Medium
Confidence: 94%
Finding
The README states that the skill creates archive directories, updates files, and git-commits to the workspace, but it does not prominently warn users that running the skill will make persistent modifications. Because the skill also ingests session transcripts from a configurable path, insufficient disclosure increases the risk of users triggering archival without realizing sensitive data will be copied into long-term storage and committed.

Vague Triggers

Medium
Confidence: 81%
Finding
The trigger guidance includes broad conversational cues such as deliveries, topic changes, or task transitions that can cause unsolicited archive prompts. In a skill that reads and persists session transcripts, premature prompting increases the chance of archiving sensitive or incomplete work without clear user intent, creating privacy and workflow integrity risks.

Natural-Language Policy Violations

Medium
Confidence: 94%
Finding
The archive template instructs recording client contact information for future reference without requiring minimization, opt-in, or policy justification. Persisting personally identifiable information in project archives broadens data retention and increases harm if the workspace is later accessed, synced, or exposed.

VirusTotal

VirusTotal findings are pending for this skill version.