Clawhub Publish Kmwrip1j

Security checks across malware telemetry and agentic risk

Overview

This skill is privacy-sensitive because it analyzes local history for MBTI inference, but its access, outputs, and local persistence are disclosed and tied to that purpose.

Install only if you are comfortable with a local personality report being built from selected OpenClaw/workspace history. Approve only the source categories you want analyzed, avoid task or cron metadata unless you intentionally want operational history included, use quote-mode none if you do not want excerpts, and delete the .mbti-reports output when you no longer need it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (11)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill clearly performs sensitive operations including reading historical data, writing reports, invoking shell commands, and potentially opening a browser, yet it declares no permissions boundary. That mismatch can cause an agent or user to authorize the skill without understanding that it can access large amounts of personal data and execute local actions.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The description frames the skill as analyzing authorized memory, session history, and workspace notes, but the body instructs access to additional sources such as SQLite indexes, task metadata, cron metadata, local report rendering, and auto-opening a browser. This broader behavior increases privacy and execution risk because users may consent based on an incomplete understanding of what data is touched and what actions occur on the host.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill metadata says MBTI analysis should rely on authorized OpenClaw memory, session history, and workspace notes, but this discovery logic also enumerates task-run and cron-run data sources. That expands collection scope beyond the stated evidence set and can pull in unrelated operational records that may contain sensitive or out-of-context user data, creating an over-collection/privacy risk in a personality-inference skill.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
This script ingests broadly from OpenClaw sessions, memory index, task runs, and cron runs whenever those source types are approved, then writes the combined data into raw_records.jsonl. For an MBTI-analysis skill, this is excessive data collection because operational and historical data can contain sensitive content unrelated to personality analysis, increasing the risk of privacy overreach and secondary exposure.

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
Task-run and cron-run logs are operational telemetry, not obviously relevant to MBTI analysis, yet the code ingests them wholesale and serializes their contents into output records. These logs may contain commands, summaries, internal state, or sensitive metadata, so including them creates unjustified access to data beyond the stated purpose.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The helper explicitly defines additional data sources, including OpenClaw task-run metadata and cron execution traces, beyond the user-facing description of memory, session history, and workspace notes. In a personality-inference skill, expanding collection to operational histories increases privacy risk and can cause users to be profiled from unrelated or unexpectedly sensitive behavior traces.

Context-Inappropriate Capability

Medium
Confidence
85% confidence
Finding
The renderer contains host-side browser-launch capability that is not necessary for producing MBTI reports, and in an agent skill context this expands the action surface from passive file generation to local application execution. Even though it only opens a local HTML file, that file is built from analysis and evidence content, so enabling automatic launch can expose users to unwanted external actions, tracking links, or execution of active content in the browser without an extra consent boundary.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger list includes broad natural-language phrases such as "MBTI," "personality analysis," and "type me," which can plausibly appear in ordinary conversation and cause the skill to activate unexpectedly. In this skill’s context, unexpected activation is more sensitive because the skill is designed to analyze conversation history, memory, sessions, and workspace notes, increasing the chance of unintended personality inference over private historical data.

Natural-Language Policy Violations

Medium
Confidence
79% confidence
Finding
Automatic language selection based on source-language mix removes explicit user choice over how the report is rendered and may expose inferred preferences or alter output handling without consent. In this skill, that matters because the report is built from sensitive personal history and memory sources; automatic behavior around presentation should be user-directed, not inferred silently from analyzed content.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The main flow performs bulk ingestion and persistence of multiple categories of user and system data into output files without any disclosure, confirmation, or visibility mechanism in this code path. In a personality-profiling skill, silent aggregation is particularly risky because users may not expect workspace notes, sessions, and operational artifacts to be consolidated for inference.

Session Persistence

Medium
Category
Rogue Agent
Content
## Execution Flow

If the user does not provide an output directory, write results to:

```text
./.mbti-reports/<timestamp>/
```
Confidence
90% confidence
Finding
write results to:

```text
./.mbti-reports/<timestamp>/
```

Recommended order:

### 1. Discover Candidate Sources

```bash
python3 {baseDir}/scripts/discover_sources.py \
  --workspace-root . \
  --o
```

VirusTotal

67/67 vendors flagged this skill as clean.