ClawHub

📋 List · 智能表单(万能信息记录·智能记事本·智能账单)- Smart Form & Notes

Security checks across malware telemetry and agentic risk

Overview

This skill is a local bookkeeping and notes helper that persistently stores user-directed records and attachments, with the main risks disclosed and aligned with its purpose.

Install only if you want a local persistent record keeper. Expect it to save notes, financial entries, logs, and copied attachments under workspace memory when you explicitly say to record something; delete records you no longer want retained, and check reminder timezone settings before using scheduled reminders.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill explicitly describes persistent reads and writes under `workspace/memory/list-data/` and invokes a script that creates, updates, queries, and deletes JSON files, yet no permissions are declared. This creates a transparency and policy-enforcement gap: users and the platform may not realize the skill can persist data and attachments locally, increasing the risk of unintended data retention or misuse.

Vague Triggers

High
Confidence
95% confidence
Finding
Using `记一下` as a direct-execution trigger is risky because it is common conversational language and the skill is designed to save data immediately without confirmation. In normal chat, a user could casually say the phrase and unintentionally create persistent records, including potentially sensitive financial notes or attached images.

Vague Triggers

High
Confidence
92% confidence
Finding
The fuzzy triggers include highly generic terms such as `记录一下` and `日志`, which are common in ordinary conversation and could cause the skill to intervene unexpectedly. Even though the flow asks for confirmation, broad interception can still confuse users, capture context not meant for storage, and increase the chance of accidental persistence after a mistaken confirmation.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill stores structured records and attachments persistently and may automatically analyze uploaded images to extract information, but the user-facing description does not clearly foreground these behaviors at the point of use. This is dangerous because users may provide receipts, notes, or documents without understanding that they will be archived and possibly processed for sensitive data extraction.

Natural-Language Policy Violations

Medium
Confidence
80% confidence
Finding
Hard-coding `Asia/Shanghai` for scheduled reminders can cause reminders and date boundaries to be wrong for users in other regions, which is particularly relevant for bookkeeping and monthly summaries. While not directly enabling code execution or data exfiltration, it can lead to inaccurate records, mistimed notifications, and user confusion around period-based reporting.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal