Skill Analytics

Security checks across malware telemetry and agentic risk

Overview

The skill is transparent about local analytics, but it broadly logs raw skill triggers and context across sessions without clear consent, minimization, or retention controls.

Install only if you intentionally want workspace-wide skill usage monitoring. Before enabling it, remove or redact raw trigger text, limit which skills are logged, set retention and deletion rules, restrict access to the log and reports, and avoid the optional cron job until the referenced report script and report destination are reviewed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill directs arbitrary skills to persist trigger phrases and execution context for every invocation, creating a cross-skill interaction log that can collect sensitive user inputs, internal workflow details, and social/context metadata. Because this logging is broad, automatic, and shared across sessions, it increases privacy exposure and the blast radius of any local compromise or accidental disclosure.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill is designed to log every invocation along with trigger phrases and context, but it provides no explicit user notice, consent boundary, or sensitivity guidance despite collecting data derived from user interactions. This creates a privacy and data-governance risk because users and downstream skill authors may not realize potentially sensitive content is being retained.

Ssd 3

Medium
Confidence: 96%
Finding
The logging format stores user-provided trigger phrases verbatim, and those phrases can contain sensitive requests, names, internal topics, or other personal/business data. Persisting that text in a centralized JSONL file increases exposure through local file access, backups, debugging, and later report generation.

Ssd 3

Medium
Confidence: 95%
Finding
Placing the logging step at the top of any skill before work is done ensures broad and indiscriminate collection, including failed or exploratory invocations that may contain especially sensitive user content. That design favors maximum capture over data minimization and increases the amount of sensitive interaction context retained across the system.

Ssd 3

Medium
Confidence: 97%
Finding
The daily report republishes recent trigger text, which can surface sensitive user inputs to anyone who reads the report even if they did not have access to the original interaction. This amplifies the privacy risk by turning stored raw inputs into summarized, more broadly visible output.

VirusTotal

65/65 vendors flagged this skill as clean.
