llm-wiki-knowledge-Karpathy

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Obsidian wiki-management skill that can read and write wiki files, with no executable code or hidden install behavior found.

Install this only if you trust the /obsidian integration and are comfortable letting the agent read source files and update wiki pages in your vault. For safer use, keep the wiki in a dedicated folder, confirm planned writes before ingesting, and specify your preferred language for confirmations and summaries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 94%

Finding
The README states that even broad, everyday phrases like '帮我把这篇文章加进 wiki' ("help me add this article to the wiki") or 'wiki 里有关于 X 的内容吗' ("is there anything about X in the wiki?") must trigger this skill. That makes activation overly broad and can cause the agent to invoke the skill in situations where the user did not intend persistent knowledge-base operations, increasing the chance of unintended file reads, writes, or workflow hijacking. Because this skill manages a persistent wiki and can ingest or write content, over-triggering is more dangerous than it would be for a read-only helper skill.

Natural-Language Policy Violations

Severity: Medium
Confidence: 83%

Finding
The design principle '语言跟随资料' ("language follows the source material") directs output language based on source material rather than explicit user preference. While not a classic security flaw, it can override user expectations and be abused in edge cases to force responses into a language the user cannot review, reducing transparency for planned wiki changes or confirmations. In a skill that performs persistent knowledge compilation and possible writes, loss of user comprehension can weaken informed consent and increase operational risk.

Vague Triggers

Severity: Medium
Confidence: 94%

Finding
The trigger description includes very broad everyday phrases such as '查一下' ("look it up") and '问题' ("question"), and examples like 'wiki 里有关于 X 的内容吗' ("is there anything about X in the wiki?"), combined with a 'must use this skill' requirement. This can cause the skill to activate in contexts where the user did not explicitly intend to operate on the wiki, leading to unintended file reads/writes or disclosure of wiki content through an over-broad routing rule.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal