澪白主控Agent

Security checks across malware telemetry and agentic risk

Overview

This companion chat skill has no exfiltration or destructive behavior, but it silently saves ordinary chat text locally without clear user notice or deletion controls.

Install only if you are comfortable with chat content being saved locally in plain JSON. Avoid sharing sensitive personal details until the skill discloses memory behavior, fixes retention, and adds a way to view and delete saved data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 85%
Finding
The trigger description allows activation from real-time messages, heartbeat events, and scheduled tasks without clear scope, authorization boundaries, or rate limits. For a master/orchestrator agent that can route tasks to sub-agents, overly broad triggers increase the risk of unintended invocation, excessive autonomy, and abuse of downstream capabilities.

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger list includes a very broad phrase, "陪我", alongside real-time message activation, which can overlap with normal user conversation and cause the agent to activate when the user did not clearly intend to invoke it. In a companion-style agent with proactive behavior, this increases the risk of unintended engagement, privacy-invasive responses, or excessive autonomous actions.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill persistently writes user conversation content to a local JSON file via keep() without notifying the user or obtaining consent. This creates a privacy risk because sensitive prompts, personal details, or secrets may be retained on disk and later exposed to other local users, processes, backups, or logs.

Ssd 3

Medium
Confidence: 97%
Finding
The agent stores all chat inputs by default in mem.json, creating broad retention of potentially sensitive user-provided data. In this skill context, the agent is framed as a companion/chat assistant, which makes users more likely to disclose personal or emotional information; retaining that by default increases privacy and confidentiality risk.

VirusTotal

66/66 vendors flagged this skill as clean.