Learning Log System (学习日志系统)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local learning journal that writes notes to workspace files, with no evidence of network transfer, credential access, or hidden behavior.

Install only if you want the agent to keep local plaintext learning notes. Avoid saving secrets, credentials, customer data, private incident details, or sensitive paths, and set the intended workspace when using the helper script so entries are written where you expect.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium, 84% confidence

Finding: The trigger conditions are extremely broad (task completion, failures, discoveries, decisions, and workflow optimizations), which can cause the skill to activate during many ordinary interactions. In a journaling skill that writes persistent files, overbroad activation materially raises the risk of capturing unnecessary or sensitive context without a deliberate user request.

Ssd 3

Medium, 96% confidence

Finding: The skill instructs the agent to automatically persist learned information from tasks and conversations into long-lived workspace memory files. Without sensitivity filtering, consent, or data-minimization rules, this can store secrets, proprietary prompts, internal decisions, user data, or other sensitive context in plaintext where later tools, users, or processes may access it.

Ssd 3

Medium, 95% confidence

Finding: The examples and write-timing guidance encourage broad logging of task context, errors, discoveries, decisions, and workflow changes, but provide no safeguards for sensitive material. That combination strongly increases the chance that the agent will save confidential conversational content or operational details into durable notes, creating persistent data leakage and secondary exposure risk.

VirusTotal

67/67 vendors flagged this skill as clean.