ClawHub

mar-dreaming

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local journaling aid for idle periods, with limited local file writes and no evidence of hidden network, credential, or destructive behavior.

Install this only if you want your agent to write local reflective notes during idle heartbeat periods. Before enabling it, confirm the heartbeat routine runs only in appropriate contexts, keep maxDreamsPerNight low, avoid use around sensitive work, and verify WORKSPACE points to the intended project.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill description is broad enough that an agent may invoke it during many idle or low-activity situations without a clearly scoped user request. Because the skill creates persistent written outputs, unintended activation can produce unnecessary data retention, off-task behavior, and possible leakage of internal reasoning or sensitive context into files for later review.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The activation guidance tells the agent to run the skill during quiet hours if the script returns a topic, but it does not define sufficient trigger constraints or exclusion conditions. Without guardrails such as 'do not run when handling confidential material,' 'do not run unless storage is approved,' or 'only run in explicit heartbeat contexts,' the agent could activate this capability inappropriately and write unintended persistent artifacts.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly writes persistent state and journal-like output files, but the documentation does not present an explicit warning about data creation, retention, reviewability, or possible inclusion of sensitive information. In practice, this can cause users or operators to enable the skill without understanding that it stores ongoing artifacts, potentially preserving confidential context or internal reasoning across sessions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal