Weekly Schedule Assistant (每周安排助理)

Security checks across malware telemetry and agentic risk

Overview

This is a local weekly planning skill that saves and summarizes planner data, with no evidence of hidden network access, credential use, or unrelated destructive behavior.

Install this only if you want a planner that stores your work plans, completion notes, and reflections in local ./weekly-plans JSON files. Avoid putting secrets or highly sensitive reflections there, and remember that deleting a plan is a soft delete, so some data may remain in the files until manually removed.
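The soft-delete caveat above is easy to underestimate, so here is an added demonstration (not the skill's own code; the real record layout of the ./weekly-plans files is not shown on this page, so the `week`/`tasks`/`reflection`/`deleted` field names and the one-file-per-week layout are assumptions). It writes a constructed plan containing a sensitive string, soft-deletes it, and shows that the string is still readable from disk until the flagged record is actually purged:

```python
import json
import os
import tempfile

# Hypothetical record schema: the page does not show the skill's real field
# names, so "week", "tasks", "reflection" and "deleted" are assumptions.


def plan_path(store_dir, week):
    return os.path.join(store_dir, f"{week}.json")


def save_plan(store_dir, week, tasks, reflection):
    # Persist one week's plan as a JSON file (mirrors the local ./weekly-plans pattern).
    os.makedirs(store_dir, exist_ok=True)
    record = {"week": week, "tasks": tasks, "reflection": reflection, "deleted": False}
    with open(plan_path(store_dir, week), "w", encoding="utf-8") as f:
        json.dump(record, f, ensure_ascii=False, indent=2)


def soft_delete(store_dir, week):
    # Soft delete: flips a flag but leaves the full payload on disk.
    p = plan_path(store_dir, week)
    with open(p, encoding="utf-8") as f:
        rec = json.load(f)
    rec["deleted"] = True
    with open(p, "w", encoding="utf-8") as f:
        json.dump(rec, f, ensure_ascii=False, indent=2)


def residual_strings(store_dir, needle):
    # Audit: which files in the store still contain the given sensitive string?
    hits = []
    for name in sorted(os.listdir(store_dir)):
        with open(os.path.join(store_dir, name), encoding="utf-8") as f:
            if needle in f.read():
                hits.append(name)
    return hits


def purge_deleted(store_dir):
    # Hard delete: remove every file whose record carries the deleted flag.
    removed = []
    for name in sorted(os.listdir(store_dir)):
        p = os.path.join(store_dir, name)
        with open(p, encoding="utf-8") as f:
            rec = json.load(f)
        if rec.get("deleted"):
            os.remove(p)
            removed.append(name)
    return removed


def demo():
    # A temp directory stands in for ./weekly-plans; all data below is constructed.
    store = tempfile.mkdtemp()
    save_plan(store, "2024-W10", ["ship release"], "project codename Nimbus is slipping")
    soft_delete(store, "2024-W10")
    before = residual_strings(store, "Nimbus")   # still present after soft delete
    purge_deleted(store)
    after = residual_strings(store, "Nimbus")    # gone only after the purge
    return before, after


if __name__ == "__main__":
    print(demo())  # (['2024-W10.json'], [])
```

Run `residual_strings` against your real ./weekly-plans directory with a term you know you shared to see whether a "deleted" plan is really gone. Note that `os.remove` is a file-level control only; the underlying filesystem may still hold the old bytes, so treat this as the minimum cleanup, not as secure erasure.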

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 94%
Finding: The skill performs persistent local file writes to ./weekly-plans and may also read prior records, but it does not declare these permissions or clearly scope those capabilities. Undeclared persistence increases the risk of unexpected data retention, and of the host or user wrongly assuming the skill has no file access, especially because the skill stores potentially sensitive work logs and reflections.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding: The trigger conditions are broad enough to activate on generic requests about planning, summaries, or progress, which can cause the agent to invoke this skill unexpectedly. In context, unexpected invocation is risky because the skill persists user work data to disk and may turn ordinary conversation into stored records without deliberate consent.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The skill description and workflow do not prominently warn users that their plans, completions, and reflections are automatically persisted to local JSON files. This creates a privacy and consent issue because users may share sensitive work details assuming they are only generating a transient summary, while the skill silently retains them.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding: The manual trigger phrase includes 'or similar expressions' without defining boundaries, which can cause the agent to invoke the reporting workflow on ambiguous or unintended user inputs. In an agent setting, overly broad triggers increase the risk of unauthorized actions, privacy leakage from displaying work-report data, or prompt-routing mistakes caused by natural-language ambiguity.

VirusTotal

0/66 vendors flagged this skill as malicious (66/66 clean). A clean VirusTotal result only means no engine matched the packaged files against known signatures; it does not cover the persistence, consent, or trigger-scoping issues above, which file-based malware scanning cannot see.
