V19 Trust Manifesto

Security checks across malware telemetry and agentic risk

Overview

The skill is documentation-only, but it describes automatic agent enrollment and persistent governance tracking without clear consent or data boundaries.

Review before installing. There is no direct malware-like code in the package, but users should only use it if they trust the publisher and can verify explicit opt-in registration, what metadata is stored or transmitted, retention/deletion controls, and how to disable automatic routing or enrollment.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding:
The document claims it does not collect Agent decision content and that decision data never leaves the runtime environment, but elsewhere it describes journals, community dynamics, mentions, rankings, memory services, dashboards, task history, and other governance telemetry. Even if only metadata is collected, these statements are materially overbroad and can mislead users about what is actually processed, retained, or exposed, creating privacy, consent, and compliance risk.

Vague Triggers

Severity: High
Confidence: 97%
Finding:
Phrases like 'Agent 无感接入' (frictionless agent onboarding) and '路过即注册' (registered just by passing through) indicate onboarding may occur from incidental interaction rather than explicit user intent. In a system that assigns identity, trust state, routing behavior, and governance metadata, ambiguous auto-activation can cause unauthorized enrollment, silent metadata collection, and unintended side effects across visitors, tools, or agents.

Vague Triggers

Severity: High
Confidence: 96%
Finding:
The statement '调用认知服务即注册' (calling the cognition service registers you) makes registration a side effect of merely calling a service, without clearly defining which calls, callers, or contexts qualify. This is dangerous because ordinary API exploration, automated tooling, or embedded integrations could unintentionally create records, attach identity, or initiate monitoring without informed consent.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The document describes automatic registration and visitor-based routing but does not clearly warn about effects on identity assignment, metadata handling, or onboarding consequences. Because the same URL may behave differently for browsers, command-line clients, and agents, users can be enrolled or profiled without understanding that access itself changes system state.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.