MBTI Analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill appears locally focused and not malicious, but it asks for broad private OpenClaw history and can persist consolidated reports and raw records.

Install only if you are comfortable letting it inspect selected OpenClaw history and workspace memory. Approve the narrowest source categories needed, avoid task or cron metadata unless you specifically want that operational history analyzed, use quote-mode none when you do not want excerpts, and delete the generated .mbti-reports directory after use if it contains sensitive material.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (13)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill instructs the agent to read local files and databases, write multiple report artifacts, invoke shell commands, and potentially open a browser, but it declares no permissions or user-facing capability boundaries. That mismatch can cause overbroad execution in environments that rely on manifest permissions for policy enforcement and informed consent, especially given the sensitive nature of memory, session, and workspace data.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The description frames the skill as analyzing authorized memory, session history, and workspace notes, but the workflow also discovers broader OpenClaw artifacts, reads SQLite databases, persists derived data, and can auto-open the generated report. This mismatch undermines user consent and reviewer understanding, which is especially risky because the skill processes sensitive historical data and expands beyond the narrowly described sources.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill is described as using authorized OpenClaw memory, session history, and workspace notes for MBTI analysis, but this source discovery also enumerates task-run and cron-run artifacts. Those stores can contain unrelated operational logs, prompts, secrets, or behavioral data outside the user's expected consent scope, creating an over-collection and privacy boundary violation if later consumed by the skill.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill claims to analyze MBTI from authorized memory, session history, and workspace notes, but the ingestor also pulls from OpenClaw memory indexes, task runs, and cron run logs. This broadens collection beyond the stated purpose and can capture unrelated operational or sensitive data, increasing privacy risk and violating data minimization expectations.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
Task-run and cron-run logs are operational telemetry, not obviously relevant to MBTI inference, yet this script ingests them into the analysis corpus. In skill context, that makes the collection more dangerous because users would reasonably expect personality analysis to use conversational or note data, not backend execution history that may contain secrets, commands, or unrelated behavioral metadata.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The helper explicitly defines additional data sources, including OpenClaw task runs and cron execution traces, that go beyond the skill’s stated purpose of analyzing authorized memory, session history, and workspace notes. This creates a scope-expansion risk: downstream scripts can access broader operational metadata that may contain sensitive information unrelated to MBTI analysis, increasing the chance of overcollection and privacy misuse.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The README advertises broad natural-language triggers such as "MBTI," "personality analysis," and "type me," which can cause the skill to activate on loosely related user requests. In a skill that reads memory, session history, and workspace notes, unintended activation increases the chance of unnecessary access to sensitive personal context or personality inference the user did not clearly request.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrase 'type me' is broad enough to match ordinary conversation unrelated to personality analysis, increasing the chance the skill activates unexpectedly. Because the skill can enumerate and ingest sensitive local history after activation, accidental invocation materially raises privacy risk even if later authorization is requested.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The description does not prominently warn that the skill may analyze sensitive historical conversations, local memory files, workspace notes, and metadata sources. Missing this privacy warning weakens informed consent and makes it easier for users to invoke the skill without appreciating the scope and sensitivity of the data involved.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script aggregates content from sessions, memory files, and SQLite databases and writes the combined data to raw_records.jsonl and source_summary.json without any visible notice, consent checkpoint, or minimization at write time. This creates a durable secondary dataset that can expose sensitive personal or operational information if the output directory is retained, shared, or accessed by other components.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script writes Markdown and HTML reports that can include user-derived evidence summaries and excerpts to disk without any explicit privacy warning, redaction step, or safer default. In an MBTI-analysis skill, the rendered report is based on memory, session history, and workspace notes, so persisting those excerpts can expose sensitive personal data to local users, backups, sync services, or other tools reading the workspace.

Missing User Warnings

Low
Confidence
81% confidence
Finding
When auto-open is enabled, the script immediately launches the generated HTML in the system browser without a runtime warning that the page may contain sensitive evidence excerpts. In this skill's context, opening a personality report derived from authorized memory/session/workspace content can leak private material through browser history, synced tabs, screen sharing, extensions, or shoulder-surfing.

Session Persistence

Medium
Category
Rogue Agent
Content
## Execution Flow

If the user does not provide an output directory, write results to:

```text
./.mbti-reports/<timestamp>/
```
Confidence
92% confidence
Finding
write results to: ```text ./.mbti-reports/<timestamp>/ ``` Recommended order: ### 1. Discover Candidate Sources ```bash python3 {baseDir}/scripts/discover_sources.py \ --workspace-root . \ --o

VirusTotal

67/67 vendors flagged this skill as clean.
