Personal Ontology

Security checks across malware telemetry and agentic risk

Overview

This skill appears legitimate, but it needs review because it can read and store sensitive personal notes and continue scanning with unclear limits.

Install only if you are comfortable letting an agent read selected personal notes and use them in future decisions. Before running bootstrap or daily scans, choose a narrow folder scope, exclude sensitive journals or archives, require review before every write, and know where suggestion and state files are stored so you can delete or disable them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 90%
Finding
The setup guide explicitly instructs the agent to scan a user's existing notes and create ontology files, which implies processing potentially sensitive personal data such as journals, beliefs, goals, and identity-related content. Without an explicit privacy notice, scope limitation, consent checkpoint, or data-handling guidance, users may not understand what will be read, retained, or written, increasing the risk of over-collection and exposure of highly sensitive information.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly instructs agents to passively scan recent notes, modified files, task completions, and calendar/journal data, but it does not clearly require prior user consent, scope limits, or a prominent privacy notice. In an agent setting, this can normalize broad background surveillance of sensitive personal data and lead to over-collection or unexpected access beyond what the user intended.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill says the agent creates and updates ontology files and later describes ongoing maintenance with local state tracking, but it does not prominently warn users that automated writes may continue after setup. This creates a risk of silent or surprising modification of personal notes, ontology records, or state files, which can damage data integrity and user trust if the agent writes incorrect inferences or overwrites content.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill directs an agent to scan a user's private notes vault and extract exact quotes into a new file, but it does not require a clear privacy notice, scope limitation, or data-minimization step before processing. In this context, journals, drafts, and archived notes are likely to contain highly sensitive personal information, so silent bulk extraction meaningfully increases the risk of exposing or over-collecting private data.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs the agent to save output directly into the user's notes folder, but it does not prominently warn the user that files may be created or modified in their vault. That can lead to unexpected writes, contamination of the knowledge base, accidental syncing of sensitive extracted content, or overwriting/altering user data without fully informed consent.

VirusTotal

VirusTotal findings are pending for this skill version.