ClawHub

ideas

Security checks across malware telemetry and agentic risk

Overview

This is a local idea-tracking skill with disclosed persistence and deletion behavior, but users should be aware of broad triggers and local data retention.

Install only if you are comfortable with ideas being saved locally in a JSON file. Use explicit save, update, and delete requests, avoid storing secrets or highly sensitive information, and confirm the actual data location before relying on backups or permanent deletion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill clearly documents writing persistent data to `~/.openclaw/workspace/ideas-data/ideas.json`, yet no permissions are declared. This creates a mismatch between the skill’s effective capabilities and its declared trust boundary, which can lead to unauthorized file modification if the platform or reviewer relies on declared permissions for approval or containment.

Vague Triggers

High
Confidence
98% confidence
Finding
The trigger phrases are extremely broad everyday language such as `发现`, `记一下`, `灵感`, and `想法`, making accidental invocation likely during normal conversation. Because the skill performs persistent file writes and state changes, over-broad triggering increases the chance of unintended data creation or modification without the user realizing the skill was activated.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill description includes update, soft delete, and permanent deletion behavior, but does not warn users that these actions modify stored records or may irreversibly remove data. In context, this is more dangerous because the same skill also has broad triggers, so users may not expect a casual utterance to lead to destructive or persistent changes.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal