Ai Writing Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a small AI writing assistant skill whose network use is expected for its stated purpose, though users should avoid submitting sensitive text without understanding the external service involved.

Reasonable to install if you trust the referenced clawhub CLI and understand that writing prompts may be handled over the network. Do not submit confidential, regulated, unpublished, or business-sensitive text unless the external service's privacy and retention practices are acceptable to you.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly states that network access is required, but it does not warn users that their submitted text may be sent to an external service for processing. Because this skill handles free-form user writing, that text could contain sensitive personal, business, or unpublished content, creating a real privacy and data-handling risk through omission.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal