独立思考四部曲 (Four Steps of Independent Thinking)

Security checks across malware telemetry and agentic risk

Overview

The skill is not overtly malicious, but it broadly requires agents to use and update a private vector memory without clear consent, limits, or deletion controls.

Install only if you intentionally want this skill to use a private vector-memory workflow across many tasks. Avoid using it with secrets, personal data, regulated information, or confidential business work unless you have separate controls for approval, redaction, retention, access, and deletion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium, 95% confidence

Finding: The skill description is extremely broad, covering nearly any situation involving thinking, decision-making, action, or review. That breadth can cause the skill to trigger in ordinary conversations and operational tasks, increasing the chance that its mandatory vector-retrieval and storage behaviors are applied when not necessary, including in sensitive contexts.

Missing User Warnings

Medium, 98% confidence

Finding: The skill requires that outputs from the '看' (Look) phase be stored into a private vector system, but it provides no user notice, consent flow, retention policy, or sensitivity checks. This creates a real privacy and data-governance risk because task content may contain confidential, personal, or proprietary information that becomes persistently stored and retrievable later.

Ssd 3

Medium, 99% confidence

Finding: The skill instructs persistent logging of task results into a private vector store as part of its required workflow. In context, the skill is meant to apply across broad decision-making and execution scenarios, so it is likely to capture sensitive natural-language content from many domains; this materially increases the risk of retention, later disclosure, cross-task leakage, or inappropriate reuse of confidential information.

VirusTotal

65/65 vendors flagged this skill as clean.