小龙虾备忘录 (Crayfish Memo)

Security checks across malware telemetry and agentic risk

Overview

This is a real memo app, but it can expose private notes and deletion controls over an unauthenticated network service.

Install only if you are comfortable running a personal notes web service. Keep it bound to localhost or behind strong access controls, avoid storing sensitive notes until authentication is added, review nginx commands before using sudo, and back up scripts/memos.db before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding
The manifest frames the skill as a lightweight idea-capture aid, but the body describes a fuller memo platform with persistent storage, CLI, web server, REST API, and reverse-proxy deployment. This understates the scope of the software and can cause users or agents to approve or run infrastructure they would not expect from the stated purpose.

Missing User Warnings

Severity: Medium
Confidence: 80%
Finding
The skill advertises deletion capability without any warning about irreversible data loss or the need for confirmation. In a memo system handling user-authored content, destructive operations can cause accidental loss if invoked by an agent or user without adequate safeguards.

Missing User Warnings

Severity: Low
Confidence: 83%
Finding
The nginx setup instructions modify host system configuration under /etc and reload a system service, but the documentation does not warn that these are privileged, host-altering steps. This can lead users or automation to make persistent system changes without realizing the scope or rollback requirements.

VirusTotal

60/60 vendors flagged this skill as clean.
