ClawHub

knowledge-synthesizer

Security checks across malware telemetry and agentic risk

Overview

This skill is not overtly malicious, but it is designed to aggregate and redistribute broad cross-agent history without clear privacy or scope controls.

Install only if you are comfortable with a skill that may inspect broad multi-agent history and turn it into reusable shared knowledge. Before use, constrain which agents, conversations, logs, and performance data it may access; redact secrets and personal data; and require review before derived insights are stored or distributed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly instructs querying context manager history, knowledge bases, and performance data without any minimization, authorization, or privacy guardrails. In a multi-agent environment, this can lead to unnecessary access to sensitive user, agent, or system data and propagation of that data into synthesized outputs.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill states it should extract from all agent interactions and enable storage/distribution of synthesized knowledge across the ecosystem, but provides no privacy, consent, segmentation, or access-control constraints. Because this skill is specifically designed for broad cross-agent aggregation and redistribution, it increases the blast radius of any sensitive data exposure, potentially turning localized secrets into widely accessible derived knowledge.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal