SYSU Duck

Security checks across malware telemetry and agentic risk

Overview

This campus companion skill is not clearly harmful, but the packaged executable is incomplete, and the instructions describe persistent memory and external lookup behavior that users should review first.

Review before installing. The idea is coherent, but this package is incomplete and cannot deliver or verify the documented CLI, database, and network behavior. If a complete package is provided, check where SQLite memory is stored, how to inspect and delete it, when the agent may save conversation-derived content, and what data is sent to external search or numbering services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence: 93%
Finding
Automatically restoring the skill based on vague 'typical catchphrases' creates ambiguous triggering boundaries, which can cause unintended activation and handling of messages the user did not mean to route to the skill. In this skill, that is more concerning because activation can lead to memory lookup/storage and web-search behavior, increasing privacy and consent risks.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill explicitly describes persistent conversation memory and autonomous decisions to remember useful information, but it does not warn users that their content may be stored. This creates a meaningful privacy issue because users may disclose personal or sensitive campus-related information without informed consent, and the local SQLite storage makes that retention persistent across sessions.

Missing User Warnings

Medium
Confidence: 96%
Finding
The workflow says that unanswered campus questions trigger web searches using user-derived query content, but the skill does not disclose that external services may receive parts of the user's message. This is dangerous because users may include personal, location, or context-rich details in a question, and those details could be transmitted to third-party search providers without explicit notice.

VirusTotal

65/65 vendors flagged this skill as clean.
