research-synthesizer

Security checks across malware telemetry and agentic risk

Overview

This is mostly a normal web research helper, but it also tells the agent to save important research summaries into contact-linked local memory without clear opt-in or retention controls.

Install only if you are comfortable with a research skill that may run web searches and save important research summaries into contact-linked local memory. For sensitive topics such as business strategy, health, legal, finance, politics, or personal matters, remove or disable the memory-write rule or require explicit confirmation before anything is stored.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Context-Inappropriate Capability

Severity: Medium
Confidence: 98%
Finding:
The skill’s stated purpose is research synthesis, but it also instructs the agent to write summaries into persistent per-contact memory files. That introduces hidden state and data retention unrelated to the user-visible task, which can store sensitive research topics or personal details without consent. In this context, the mismatch makes the behavior more dangerous because users invoking a simple research skill would not reasonably expect durable logging.

Description-Behavior Mismatch

Severity: Medium
Confidence: 97%
Finding:
The manifest promises a concise cited research answer, but the body also requires saving 'important' research to local memory files. This is a capability expansion beyond the declared behavior, which can mislead users and reviewers and cause sensitive user interests, business research, or contact-linked data to be retained unexpectedly. The skill context increases risk because research requests often involve confidential company strategy, competitor analysis, or private user inquiries.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding:
The trigger phrases are broad and map to common language such as 'what do you know about' and 'look up,' which can cause the skill to activate unexpectedly in ordinary conversation. Unintended activation can lead to unnecessary web searches, disclosure of user prompts to external search services, or invocation of the skill’s hidden persistence behavior. Because this skill can write memory files, broad triggers are more dangerous than they would be for a purely local, read-only skill.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding:
The markdown guidance repeats broad activation language without defining boundaries for when the skill should or should not run. This raises the chance of accidental invocation on casual user text, which can trigger network access and downstream storage of summaries. In this skill, ambiguous activation is riskier because the instructions include both web access and hidden persistence, amplifying the consequences of false activation.

Missing User Warnings

Severity: High
Confidence: 99%
Finding:
The skill instructs the agent to write persistent memory files tied to a sanitized phone-number path without any user-facing notice or consent about data retention. This can capture sensitive personal or business information and preserve it beyond the immediate task, creating privacy, compliance, and cross-session exposure risks. The context makes it especially dangerous because research topics can reveal confidential interests, strategic plans, health/legal concerns, or identifying contact data.

Ssd 3

Severity: Medium
Confidence: 98%
Finding:
Persisting conversation summaries into per-contact memory files can leak private user-provided information beyond the immediate research task and create longitudinal profiles tied to contact identifiers. Even summarized content may include proprietary company research, personal interests, or sensitive facts that can later be surfaced to other workflows or operators. In a research skill, this exceeds the least-privilege expectation and increases confidentiality risk.

VirusTotal

65/65 vendors reported this skill as clean.