ClawHub

Anamnese

Security checks across malware telemetry and agentic risk

Overview

This is a coherent memory assistant, but it asks to run automatically and silently store broad personal, health, work, task, and behavioral details in cloud-persistent memory.

Install only if you intentionally want an always-on cloud memory system. Before using it, confirm that you can pause memory capture, review and delete saved entries, and prevent sensitive health, relationship, financial, identity, location, or confidential work details from being stored unless you explicitly choose to save them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

High
Confidence
97% confidence
Finding
The skill mandates unconditional activation at the start of every conversation and frames itself as something that should 'always be active,' without limiting scope to user-approved contexts. This creates an over-collection and over-processing risk because the assistant is instructed to load profile data and engage persistence even when unnecessary to the user's current request.

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill directs the assistant to persist personal details, goals, schedules, preferences, and behavioral information across sessions, but it provides no privacy notice, consent checkpoint, retention limit, or data-minimization guardrail. That is dangerous because it normalizes broad, ongoing collection of sensitive user data without ensuring informed consent or proportionality.

Missing User Warnings

High
Confidence
99% confidence
Finding
The instructions explicitly say to save meaningful information immediately and not ask 'should I save this,' which authorizes silent persistence without contemporaneous user awareness. This is dangerous because users may reveal sensitive data in ordinary conversation without realizing it is being stored for future sessions.

Missing User Warnings

High
Confidence
98% confidence
Finding
This guidance explicitly instructs the agent to persist highly sensitive personal data, including health conditions, medications, identity, relationships, and location, without requiring explicit informed consent, minimization, or any warning to the user. In the context of a skill that is meant to be loaded at the start of every conversation and operate continuously, this creates a substantial privacy and data-protection risk through over-collection and long-term retention of sensitive information.

Missing User Warnings

High
Confidence
97% confidence
Finding
The self-learning section directs persistent cross-session storage of behavioral preferences, corrections, frustration patterns, and what 'works' on the user, but provides no transparency, consent, or user control over profiling. Because the overall skill says it should always be active and save learnings continuously, this increases the risk of covert behavioral profiling and broad accumulation of user data beyond what is necessary to complete immediate tasks.

Ssd 3

Medium
Confidence
96% confidence
Finding
The skill instructs the assistant to continuously identify and persist user-provided information in the background, without asking at the time of capture. Even if intended to improve continuity, this creates privacy and profiling risks because the assistant becomes a continuous collector of user data rather than a task-limited helper.

Ssd 3

Medium
Confidence
98% confidence
Finding
The self-learning section tells the assistant to store cross-session notes about interaction patterns, frustrations, corrections, and what works on the user. This is dangerous because it creates a persistent behavioral profile that can reveal sensitive preferences, emotional cues, and inferred traits beyond what is necessary to complete a task.

Ssd 3

Medium
Confidence
98% confidence
Finding
The correction-capture workflow instructs the assistant to infer dissatisfaction from tone shifts or implicit behavior and silently save structured notes for future use. This is dangerous because it encourages covert inference and persistence of subjective judgments about the user, which may be inaccurate, privacy-invasive, and hard for the user to detect or correct.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal