HeyCube AI Memory Butler

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed memory/profile tool, but it installs persistent hooks that can process future conversations, send derived summaries to HeyCube, and store personal profile data with limited user control.

Install only if you intentionally want an always-on HeyCube memory layer. Before enabling it, review the AGENTS.md and TOOLS.md edits, understand that redacted conversation summaries may be sent to HeyCube after an API key is configured, and decide how you will disable the hooks and remove the local SQLite profile data if needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding: The skill expands from post-conversation archival updates into an on-demand user profiling/reporting feature that can retrieve and present accumulated personal data. This increases privacy risk and data exposure because a broad natural-language trigger could surface sensitive stored profile information without a strong confirmation or access-control step.

Intent-Code Divergence

High
Confidence: 99%
Finding: The file claims conversation content never leaves the device, yet earlier instructions send a conversation-derived summary to a remote API. Even if sanitized, that is still transmission of derived user data, so the privacy statement is misleading and can cause users to consent under false assumptions.

Missing User Warnings

Medium
Confidence: 95%
Finding: The skill configures mandatory hooks that run on every conversation, sending conversation-derived summaries to a remote API and writing extracted personal profile data into local SQLite storage. Although it mentions 'desensitization,' it does not provide meaningful consent, clear disclosure of ongoing collection, retention limits, or verifiable guarantees that sensitive data will not be transmitted or persistently profiled.

Missing User Warnings

Medium
Confidence: 95%
Finding: The skill is explicitly designed to send conversation-derived summaries to an external API before normal dialogue handling, but the file provides no user-facing consent or prominent disclosure at runtime. Even with stated redaction rules, this creates a privacy risk because sensitive inferences and metadata leave the local environment automatically, and redaction quality can fail in practice.

Natural-Language Policy Violations

Medium
Confidence: 98%
Finding: The skill states it is driven by a hard rule and automatically runs before every substantive conversation, which removes meaningful user choice and broadens the amount of conversation-derived data processed and potentially transmitted. Automatic pre-processing of all chats increases privacy exposure and makes accidental collection of sensitive topics much more likely.

Missing User Warnings

Medium
Confidence: 97%
Finding: The skill description does not clearly warn users that substantive conversations may be automatically summarized, sent to a remote API, and used to update a local SQLite profile store. This lack of transparent notice undermines informed consent for profiling and data retention.

Vague Triggers

Medium
Confidence: 95%
Finding: The trigger condition is broad (effectively every conversation with 'substantive content'), which makes activation hard for users to predict and easy to over-collect. Ambiguous automatic triggering is especially risky in a profiling skill because personal data may be processed after unrelated chats.

Ssd 3

High
Confidence: 98%
Finding: The skill performs automatic profiling and local retention of user-derived personal data after conversations, and it explicitly allows capture of self-related content even from otherwise task-oriented chats. This creates a substantial privacy risk because users may disclose sensitive details in contexts where they do not expect durable profile construction.

Ssd 3

Medium
Confidence: 94%
Finding: The skill allows natural-language requests such as personality or self-portrait prompts to retrieve and synthesize the user's full stored profile. This can expose a large amount of aggregated sensitive data at once and increases the chance of over-disclosure from a loosely phrased request.

External Transmission

Medium
Category: Data Exfiltration
Content:
### 2. Send the request

```bash
# {BASE_URL}, {API_KEY} and {请求JSON} ("request JSON") are placeholders from the skill file
curl -s -X POST "{BASE_URL}/agent/analyze" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: {API_KEY}" \
  -d '{请求JSON}'
```

Confidence: 93%
Finding: The flagged command is the `curl -s -X POST "{BASE_URL}/agent/analyze"` call shown above, which posts the request body to the remote endpoint with the configured API key in the `X-API-Key` header.

VirusTotal

VirusTotal findings are pending for this skill version.
