Deep Learning (Zettelkasten)

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate deep-reading workflow, but it will create, link, append, and move notes in your local knowledge base.

Install this only if you want an automated Zettelkasten deep-reading process. Before running it, confirm the daily-note and index paths, review whether the companion skills are installed and trusted, and consider asking the agent for a preview of planned file and index changes before it modifies an existing vault.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 90%
Finding
The invocation description is broad enough to match many ordinary requests about summarizing or understanding long content, which can cause the skill to activate in situations where the user did not intend a heavyweight, multi-phase workflow. In this skill, that matters because activation can cascade into file creation, note restructuring, and forced sub-skill use, increasing the chance of unintended repository changes.

Missing User Warnings

Medium
Confidence: 96%
Finding
These storage rules instruct the agent to create folders, create files, append to existing notes, and move notes within the repository without first requiring clear user consent or warning about side effects. This is dangerous because it can silently alter a user's knowledge base structure, create clutter, overwrite organizational intent, and cause hard-to-reverse changes if triggered by an ambiguous reading request.

Missing User Warnings

Medium
Confidence: 98%
Finding
The workflow mandates sequential execution, forced sub-skill invocation, task tracking, onboarding into indexes, network-wide linking, file moves, and a compulsory audit loop that requires fixing all reported gaps. Because none of this is conditioned on explicit user authorization, a single activation can drive widespread, repeated modifications across the repository and pressure the agent to continue making changes until an internal definition of done is satisfied.

VirusTotal

65/65 vendors flagged this skill as clean.
