MDT Consultation

Security checks across malware telemetry and agentic risk

Overview

This skill appears useful for multi-agent consultation, but it may automatically retain sensitive consultation content without a clear consent or retention boundary.

Install only if you are comfortable with the skill retaining consultation outputs in memory. Before using it with contracts, medical plans, strategy documents, or personnel matters, ask for a no-storage workflow or manually confirm what will be archived, for how long, and how it can be reviewed or deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The skill introduces persistent archival and evolution logging to memory paths that go beyond transient MDT orchestration and can retain user task contents, agent conclusions, and failure-analysis data. Because this skill is intended to process sensitive materials such as contracts, strategic decisions, medical plans, and leadership documents, automatic long-term storage materially increases privacy, confidentiality, and data-retention risk.

Vague Triggers

Medium
Confidence: 83%
Finding
The trigger list includes broad conversational phrases such as '大家一起看', '全面评审', and '会诊一下', which are common in ordinary discussion and may activate the skill unintentionally. In a skill that can spawn multiple agents, perform archival, and route sensitive documents, accidental activation expands data exposure and may cause unintended processing.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill automatically archives MDT reports to memory without any user-facing consent or warning, even though the documented use cases include highly sensitive business, legal, and medical content. Users may reasonably expect analysis, not retention, so silent storage creates privacy, confidentiality, and compliance risks.

Ssd 3

Medium
Confidence: 93%
Finding
The archiving instruction indicates retention of full consultation reports including participating departments, conclusions, and final judgments, which may embed user-supplied confidential or regulated data. In this context, storing complete report content is especially risky because the skill explicitly targets contracts, strategic reviews, technical plans, and medical scenarios.

VirusTotal

64/64 vendors flagged this skill as clean.
