Knowledge Curator

Security checks across malware telemetry and agentic risk

Overview

This skill has a legitimate knowledge-base purpose, but it needs review because its save triggers are inconsistent and it can fetch, persist, delete, and export user-linked content with limited safety boundaries.

Install only if you are comfortable with submitted links being fetched and saved into a local knowledge-base folder. Use explicit save commands, avoid private or authenticated URLs, review stored entries before exporting, and treat delete commands as potentially permanent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The README states that content is only saved on explicit user instruction, but later examples say that directly sending a link will save it. This inconsistency can cause unintended persistence of user-shared URLs and fetched page content, creating a consent and privacy risk because users may believe a link is being discussed rather than stored.

Vague Triggers

Medium
Confidence: 92%
Finding
The activation semantics are contradictory: the text says only explicit instructions trigger saving, while the documented workflow elsewhere implies broad automatic activation. Ambiguous trigger rules are dangerous in a knowledge-capture skill because they can cause accidental collection and retention of user content without clear consent.

Vague Triggers

Medium
Confidence: 89%
Finding
Trigger phrases like '记下来' ("note this down") or '把这个收藏到知识库' ("save this to the knowledge base") are broad natural-language expressions that overlap with ordinary conversation. In an agent context, this increases the chance of misinterpreting casual speech as authorization to fetch and persist external content, leading to unintended data retention and possible scraping of sensitive links.

Missing User Warnings

Medium
Confidence: 94%
Finding
The README describes save commands and examples but does not clearly and prominently warn that shared links and fetched content snapshots are stored persistently in local files. This is dangerous because users may disclose URLs or content expecting transient processing, while the skill actually builds a lasting knowledge base that may contain sensitive material.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill describes persistent storage to a local knowledge base plus management actions like delete and export, but it does not clearly warn users that content will be written to local files, indexed, retained over time, or that some commands are destructive. This can lead to unintended data retention, accidental deletion, or export of sensitive material the user did not realize was being stored.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill automatically fetches third-party URLs and may extract full page content, transcripts, and metadata, but it does not explicitly warn that external requests will be made based on user-provided links. This creates privacy and compliance risk because submitted URLs may contain private or sensitive resources, and fetching them may expose access patterns or process content the user did not intend to transmit or store.

Missing User Warnings

Medium
Confidence: 89%
Finding
The delete path invokes `store.deleteEntry(entryId, CONFIG)` immediately with no confirmation, dry-run, authorization check, or safety prompt. In a chat/agent skill context, ambiguous parsing, accidental invocation, or prompt-induced command generation could cause irreversible data loss in the local knowledge base.

VirusTotal

65/65 vendors flagged this skill as clean.
