xiaowei-skill

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it asks agents to persist broad conversation, error, and workflow learnings into future-injected memory files with limited scoping or redaction guidance.

Install only if you want persistent agent memory. Review any hook scripts before enabling them, keep hooks opt-in, and do not allow the agent to store secrets, credentials, raw transcripts, private user data, or unredacted command output in learning or promoted memory files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Severity: Medium. Confidence: 91%.

Finding: The document states that the scripts only output text and do not run commands, but the hook configuration explicitly invokes shell scripts via a command hook and also references an extraction script that scaffolds a skill. This mismatch can cause operators to underestimate the trust boundary and permissions involved, increasing the chance they enable hooks that execute local code without appropriate review.

Vague Triggers

Severity: Medium. Confidence: 86%.

Finding: The detection triggers are broad enough that the self-improvement workflow may activate on routine errors, ambiguous user feedback, or ordinary tool failures, causing the agent to persist or promote data without clear user intent. In a skill designed to capture and store 'learnings,' oversensitive triggering increases the chance of storing sensitive prompts, outputs, or mistaken inferences in durable workspace files.

Missing User Warnings

Severity: Medium. Confidence: 96%.

Finding: The guide encourages logging and promoting learnings into persistent workspace files but does not warn against storing secrets, personal data, raw transcripts, tokens, or environment-specific sensitive content. Because these files become part of future injected context, any sensitive material written there may be repeatedly exposed to later sessions and other agents, compounding the privacy and security risk.

VirusTotal

65/65 vendors flagged this skill as clean.