Security audit

Mio Companion

Security checks across malware telemetry and agentic risk

Overview

This companion skill stores local chat-derived memory and runs scheduled checks, which is privacy-sensitive but matches its disclosed purpose and shows no exfiltration or destructive behavior.

Install only if you want a companion that remembers recent conversation context, inferred habits, and todos in local workspace files and may run scheduled proactive checks. Avoid sharing secrets with it, review or delete the mio-companion-data directory periodically, and disable cron/proactive use if you only want manual chat.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Severity: Medium. Confidence: 91%.
Finding:
The manual trigger phrase "陪我聊天" is broad and conversational, so it could be invoked during ordinary discussion rather than as an intentional command. In a skill that can proactively message, mine tasks, and influence scheduling, accidental activation increases the chance of unintended data collection or autonomous behavior.

Missing User Warnings

Severity: High. Confidence: 96%.
Finding:
The skill description states it records routines, preferences, and chat habits and stores them in local data files, but it does not warn the user about collection, retention, or usage of this personal data. This creates a meaningful privacy and consent risk because users may disclose sensitive behavioral information without understanding it is being persistently logged.

Missing User Warnings

Severity: High. Confidence: 97%.
Finding:
The top-level description advertises proactive chatting and automatic task completion without warning that the skill may initiate contact or act on inferred tasks. Autonomous messaging and task execution can surprise users, cause unauthorized actions, and amplify harm if the skill misinterprets ordinary conversation as intent.

Vague Triggers

Severity: Medium. Confidence: 93%.
Finding:
The trigger list contains very generic phrases such as '陪我聊天', '主动聊天', '执行任务', 'heartbeat', and '定时检查', which can match normal conversation or common system-like events rather than explicit invocations. In a companion skill with scheduled behavior enabled, this broad matching increases the chance of unintended activation, causing the skill to run when the user did not clearly request it and potentially exposing private context or producing unwanted actions.

Missing User Warnings

Severity: Medium. Confidence: 94%.
Finding:
The skill persistently stores raw conversation content and inferred behavioral data to local JSON files without any visible consent, notice, minimization, or retention controls beyond a rolling count. In an agent environment, these logs can contain sensitive personal information, and local workspace storage may be accessible to other components, operators, or later sessions.

Ssd 3

Severity: Medium. Confidence: 93%.
Finding:
The instructions describe persistent collection of habits, preferences, and chat behavior, and the file list includes long-lived JSON stores for those records. In context, this is more dangerous because the skill is designed for ongoing companionship and regular triggering, which naturally increases the volume, sensitivity, and retention of personal behavioral data.

Ssd 3

Severity: Medium. Confidence: 96%.
Finding:
The skill persistently logs conversation content and later derives and surfaces habit summaries from that stored data, creating a privacy risk through accumulation, profiling, and possible secondary disclosure. In this companion-style context, users are especially likely to share intimate details, making persistent storage more sensitive than in a narrowly scoped transactional skill.

Ssd 3

Severity: Medium. Confidence: 95%.
Finding:
The skill mines arbitrary user text into persistent todo records using broad regexes, which can capture unintended personal content and transform casual conversation into stored retrievable records without clear user intent. This increases privacy risk and can also create integrity issues by recording inaccurate or misleading tasks derived from ambiguous text.

VirusTotal

66/66 vendors flagged this skill as clean.