
Security audit

Family OS

Security checks across malware telemetry and agentic risk

Overview

This is a local household organizer with no signs of exfiltration, but it defaults to automatically storing sensitive family information, so users should review its privacy settings before installing.

Install only if you want an agent to maintain a persistent local household record. Before using it, choose a private workspace path, review ~/.family-os/config.yaml, consider disabling auto_update or requiring confirmation for all writes, and avoid storing credentials, ID numbers, medical results, or detailed child/legal/financial records unless you are comfortable with local plaintext files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding:
The skill instructs the agent to read environment variables and local configuration files and to write data into a user workspace, but it does not declare corresponding permissions. This creates a transparency and least-privilege problem: users or hosting systems may not realize the skill can access local state and persist sensitive household data.

Vague Triggers

Severity: Medium
Confidence: 78%
Finding:
The skill is designed to engage whenever a 'family-related conversation contains new information,' which is a broad trigger for a highly sensitive domain. That can cause unintended invocation and storage or modification of private household, financial, medical, or legal information when the user did not explicitly request Family OS actions.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The file explicitly instructs the agent to perform automatic writes to the user's local household workspace when auto-update is enabled, but it does not require a clear user-facing warning or confirmation for ordinary writes. In a skill designed to manage highly sensitive family data, silent persistence can create privacy, integrity, and consent risks by storing inferred or misclassified information without the user noticing.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The archiving routine moves all existing workspace contents into an archive location when `--archive-existing` is used, but there is no interactive confirmation, dry-run, or explicit last-minute warning before destructive filesystem changes occur. In a tool managing highly sensitive household data, an accidental invocation, misconfigured workspace path, or agent misuse could silently relocate large amounts of private data and disrupt user workflows or overwrite archival expectations.

Session Persistence

Severity: Medium
Category: Rogue Agent
Content:
1. Use a workspace path explicitly provided by the user.
2. Use `FAMILY_OS_HOME` when set.
3. Read `~/.family-os/config.yaml` when present.
4. If no workspace exists, run `scripts/family_os_init.py` to create one.

Never write household facts, names, finances, medical details, documents, or private decisions into this skill directory.
Confidence: 84%
Finding:
create one. Never write household facts, names, finances, medical details, documents, or private decisions into this skill directory. Choose workspace language in this order: 1. Use the language ex

VirusTotal

63/63 vendors flagged this skill as clean.
