ClawHub

Birthday Reminder

Security checks across malware telemetry and agentic risk

Overview

This is a local birthday manager that stores birthday data on disk, with a documentation mismatch but no evidence of exfiltration, hidden execution, or destructive behavior.

Before installing, understand that names and birthdays will be saved locally and remain there until removed. Treat /home/clawd/clawd/data/birthdays.json as the actual storage file despite the documentation mentioning birthdays.md. Use it only for birthday data you are comfortable keeping on this machine.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill clearly instructs reading from and writing to `/home/clawd/clawd/data/birthdays.md`, but no permissions are declared. Undeclared file access weakens platform trust boundaries and can lead to silent persistence of personal data or execution in environments that do not expect disk access.

Tp4

High
Category
MCP Tool Poisoning
Confidence
82% confidence
Finding
The documented behavior extends beyond the stated interactive birthday-management purpose by referencing cron/job reminder logic and other storage/behavior inconsistencies. Description-to-behavior mismatches are dangerous because reviewers and users may authorize a seemingly simple skill while it performs broader persistence or background-processing actions than expected.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill introduces automatic cron-based reminders and references external `scripts/reminder.py` logic that is outside the manifest’s described interactive behavior. Hidden or underdocumented automation increases risk because it can run without an immediate user prompt, access stored personal data repeatedly, and create unexpected notifications or persistence flows.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The script reads birthdays from /home/clawd/clawd/data/birthdays.json, while the skill metadata says birthdays are stored in /home/clawd/clawd/data/birthdays.md. This inconsistency can cause the reminder job to ignore the user-visible data source, operate on a shadow data store, and leak or act on stale or unexpected personal data, which is especially sensitive in a birthday-management skill.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The activation rule 'Use when the user mentions birthdays' is overly broad and can cause the skill to trigger in contexts where the user did not intend storage or retrieval of personal information. In a privacy-sensitive skill that writes to disk, overbroad activation raises the chance of accidental collection, disclosure, or modification of birthday records.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill stores names and birthdays in a persistent file but does not warn users that this personal data will be written to disk. Birthdays combined with names are personal information, and silent persistence creates privacy and consent risks, especially on shared systems or where retention expectations are unclear.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal