ClawHub
Back to skill

Security audit

diary

Security checks across malware telemetry and agentic risk

Overview

This diary skill is not deceptive, but it can automatically summarize interactions, store them, and send them to a configured channel with weak confirmation boundaries.

Install only if you want an automated diary that may use prior conversations, keep entries for up to the configured retention period, and send them to a chosen channel. Before enabling it, set a trusted target, consider turning off includeInteractions, require preview or confirmation before sending, and confirm how to stop the schedule and delete stored diary files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger scope is broad enough to activate on ordinary mentions of “日记”, “心情”, or “每日记录”, which can cause the skill to run in contexts where the user did not intend diary creation, review, or configuration. In this skill, unintended activation is more dangerous because the documented workflow includes collecting interactions, writing persistent files, and sending content through a configured channel, creating privacy and unauthorized-action risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill advertises automatic diary writing, storage, transmission, and deletion but does not present a strong upfront warning or consent boundary for how interaction data may be collected, retained, and sent. In context, this is risky because the skill explicitly supports including past interactions and pushing generated diary content to external targets, so users may not understand that personal or sensitive conversation summaries could be persisted and transmitted automatically.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.