Arknights Skill

Security checks across malware telemetry and agentic risk

Overview

The skill is purpose-aligned Arknights guidance with disclosed local profile storage, but users should avoid the optional curl-to-bash install path unless they trust and inspect it.

Installing through a skill manager is preferable. Before use, understand that the agent may save explicitly stated game account facts, including server, level, UID, goals, resources, and operators, to ~/.config/arknights-skill/doctor-profile.json. Avoid the manual curl-to-bash install path unless you inspect or pin the script first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
This is a real safety/control flaw: the CLI requires `--apply`, but `command_confirm()` never checks `args.apply` before mutating the profile and saving it. That means any invocation that reaches this handler will apply the pending value immediately, defeating the advertised explicit confirmation barrier and increasing the chance of accidental state changes in automation or wrapper tooling.

Missing User Warnings

Low
Confidence: 88%
Finding
The skill instructs the agent to run update, delete, confirm, dismiss, and garbage-collection commands against local profile data, but it does not clearly warn that these actions modify or remove user data. In an agent setting, that omission can cause silent state changes and accidental data loss, especially because the commands are presented as routine workflow steps.

Missing User Warnings

Medium
Confidence: 97%
Finding
The quickstart tells users to execute a remotely fetched shell script directly with curl|bash, which bypasses normal review and integrity checks. If the GitHub account, repository, branch, or network path is ever compromised, users could immediately run attacker-controlled code on their machines during installation.

Missing User Warnings

Low
Confidence: 81%
Finding
The guide states that the agent will automatically save account and operator information to a local profile, but it does not present a clear notice about data persistence before collection. While the stored data appears low sensitivity and local-only, users should be explicitly informed and given consent and control before automatic storage occurs.

VirusTotal

65/65 vendors flagged this skill as clean.
