ClawHub

Lovefromio Continuous Learning

Security checks across malware telemetry and agentic risk

Overview

This skill is a persistent learning helper, but it tells the agent to preserve client and project-specific session knowledge without clear redaction, consent, or retention limits.

Install only if you are comfortable with an agent summarizing and retaining construction session learnings. Before use, require manual review, redact client names, project identifiers, pricing, bid strategy, credentials, documents, and personal data, and keep separate knowledge bases for separate clients or projects.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The activation guidance is broad and could cause the skill to run on many sessions by default, including ones containing sensitive operational or client information. In a continuous-learning skill, overly permissive triggers increase the chance that data is collected, summarized, and retained without explicit user intent or review.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill is designed to store session learnings and reusable knowledge but does not warn against retaining sensitive user, client, or project data. Because the knowledge base persists patterns across sessions, any captured secrets, proprietary estimates, internal documents, or personal data could be unintentionally memorialized and later resurfaced in unrelated contexts.

Missing User Warnings

High
Confidence
98% confidence
Finding
The session review explicitly instructs preserving client/project-specific adaptations, which directly encourages storing sensitive contextual information rather than abstracting it. In a construction automation environment, this may include proprietary pricing, bid strategy, site details, vendor relationships, or client-specific workflows that should not be retained or reused broadly.

Ssd 3

Medium
Confidence
95% confidence
Finding
The learning workflow encourages preserving knowledge from prior sessions without defining data-minimization boundaries, so the system may accumulate far more context than is necessary. This increases the blast radius of any accidental disclosure because sensitive details from one client or project can persist and influence future suggestions, creating cross-session data leakage risk.

VirusTotal

51/51 vendors flagged this skill as clean.

View on VirusTotal