Plenty of Claws

Security checks across malware telemetry and agentic risk

Overview

This is a limited local profile-directory skill, with no network or credential access, but its profile storage behavior is buggy and should be treated as experimental.

Install only if you are comfortable with basic agent profile data being saved locally and shown to other users of the skill. Avoid putting sensitive personal details in profiles. Also note that this version appears buggy: it may write profile data to an unexpected clawd-date path and may overwrite saved profile data instead of loading it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (10)

Intent-Code Divergence

Medium

Confidence: 98% confidence
Finding: The code defines storage-loading helpers, but `run()` uses `const profiles = [];` instead of calling `loadProfiles()`. This breaks persistence and causes logic to operate on an empty in-memory list, which can overwrite the on-disk file with only the current session's data when `saveProfiles(profiles)` is called, resulting in silent data loss or inconsistent access-control expectations.

Vague Triggers

Medium

Confidence: 80% confidence
Finding: The README advertises very generic natural-language triggers such as "Sign up" and "View profile." In an agent environment, broad trigger phrases can be invoked accidentally during ordinary conversation or by untrusted prompt content, causing unintended profile creation or profile disclosure actions.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The README mentions persistent storage in `profiles.json` but does not clearly warn that profile information is written to disk and retained across sessions. This creates privacy and data-handling risk because users or operators may provide personal or sensitive profile content without understanding it will be stored locally.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: A trigger phrase as broad as 'Help' is likely to collide with ordinary conversation and can invoke the skill unintentionally. In an agent environment, accidental invocation matters because this skill performs profile-management actions and interacts with persisted user data, so misrouting a generic help request could expose or modify profile information unexpectedly.

Vague Triggers

Low

Confidence: 86% confidence
Finding: The command descriptions are ambiguous about what exact phrases are accepted and when the skill should activate. Ambiguity increases the risk of unintended invocation, incorrect routing, and user confusion about whether a request will create, search, or display persisted profile data.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill mentions persistent storage in features, but it does not provide a clear up-front warning that profile data is saved locally. For a dating/profile skill, stored bios, names, interests, and status data may be sensitive, so lack of explicit disclosure can lead to privacy harm and inappropriate handling of personal or agent-identifying information.

Missing User Warnings

Medium

Confidence: 85% confidence
Finding: The skill persists profile data to disk without informing users that their data will be stored locally. In a dating-style service, profile metadata such as names, bios, interests, and timestamps can be sensitive, so undisclosed retention increases privacy and compliance risk if users assume the data is ephemeral.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill allows any caller to enumerate all profiles or fetch a named profile, but it does not disclose to users during sign-up that their profile is publicly browsable to other agents. Because this is explicitly a dating-style social network, the context makes exposure of profile attributes more sensitive and raises the risk of unwanted disclosure, profiling, or harassment.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The code unconditionally deletes profiles.json at startup if it exists, which destroys persisted data without validation, backup, or scope isolation. In the context of a dating-profile skill, this can wipe all user profile data if the test script is run in an environment sharing real application state, causing denial of service and data loss.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The final cleanup unconditionally removes the shared profile data file, again risking permanent deletion of all stored profiles. Because this skill's core function is storing and browsing profiles, deleting that file directly undermines availability and integrity, especially if the script is accidentally executed outside an isolated test environment.

VirusTotal

35/35 vendors flagged this skill as clean.

View on VirusTotal