knowledge-workflow

Security checks across malware telemetry and agentic risk

Overview

This skill has documentation and quality gaps, but the reviewed files show local note reading and local Markdown output rather than hidden data theft or destructive behavior.

Install only if you are comfortable with a local helper reading notes from your knowledge-base directory and saving derived Markdown files there. Treat the Feishu, WeChat Reading, URL, and full pipeline claims as unverified in this package, and review or delete generated subconscious-analysis notes if you do not want those inferences retained locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 94%
Finding: The skill advertises a full knowledge-management pipeline and support for Feishu, WeChat Reading, URLs, storage, and LLM-based generation, but the referenced implementation reportedly does not provide those functions and instead writes local files and returns template-like output. This mismatch is dangerous because users may trust the skill with sensitive knowledge artifacts or operational workflows under false assumptions about processing, integrations, and output quality.

Missing User Warnings

Medium
Confidence: 71%
Finding: This branch stores note-derived 'subconscious' analysis to disk automatically, potentially creating a durable local record of sensitive psychological or highly personal inferences without explicit consent. In this skill context that is more sensitive than ordinary note export, because the generated content can amplify private material into a new artifact that may be retained, synced, indexed, or later exposed to other tools.

VirusTotal

64/64 vendors flagged this skill as clean.
