Skill Extractor

Security checks across malware telemetry and agentic risk

Overview

This skill stores and searches user-approved workflow notes locally, with privacy cautions but no evidence of hidden exfiltration, destructive behavior, or deceptive capability.

Install only if you want local, searchable memory of reusable workflows. Review every generated skill before saving, avoid saving credentials or private data, and keep API keys out of skill files, prompts, and logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill explicitly describes storing generated skill files under a user-writable path and performing retrieval/search, which implies read/write filesystem capability, yet no permissions are declared. This creates a trust gap: a host may expose broader file access than users or policy expect, increasing the chance of unintended persistence or access to local data.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The instruction to automatically retrieve skills whenever a user describes a new task is overly broad and lacks boundaries on when retrieval should occur or what data sources may be searched. In a memory/learning skill, this can cause inappropriate cross-task data reuse, surfacing prior task content or suggestions in contexts where it is irrelevant or sensitive.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script persists markdown generated from raw conversation/task content to a predictable local skills directory without any warning, consent flow, redaction, or sensitivity checks. In this skill's context, conversations may contain API keys, credentials, personal data, internal prompts, or proprietary workflow details, so saving them for later retrieval increases the risk of unintended disclosure and long-term retention of sensitive material.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly notes that Zotero API access requires a userID and API key, but it provides no warning about treating those values as secrets, no guidance against hardcoding or storing them in skill files, and no privacy note about account/library exposure. In an agent setting, this can lead users to paste credentials into prompts, logs, or reusable documents where they may be retained or leaked.

Ssd 3

Medium
Confidence
92% confidence
Finding
The preview generator copies task text and extracts content from the full conversation into a reusable skill document, which can persist secrets, personal data, internal URLs, credentials, or sensitive operational context into a new searchable artifact. In this skill’s context, that risk is amplified because the whole purpose is to store reusable documentation for future retrieval, making accidental data propagation and long-term exposure more likely.

VirusTotal

67/67 vendors flagged this skill as clean.
