Apollo Epi

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it asks an agent to preserve learned information across sessions with broad triggers and weak consent boundaries.

Install only if you want an agent to manage cross-session learning state. Require confirmation before anything is written to MEMORY.md, fine-tuning data, or a new skill, and avoid storing secrets, credentials, sensitive personal data, or unreviewed operational details.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Vague Triggers

Medium
Confidence: 95%
Finding
The read_when conditions are broad everyday concepts like learning, accumulation, and fine-tuning, so the skill can activate during ordinary conversation rather than only when the user explicitly wants persistence behavior. Because the skill is about retaining and propagating learned experience across sessions, accidental activation increases the chance of collecting or storing user preferences or task-derived data without clear consent.

Vague Triggers

Medium
Confidence: 95%
Finding
The trigger list contains generic terms such as 学习, 传承, 积累, and fine-tuning, which are likely to appear in normal discussion and therefore create ambiguous invocation boundaries. In a skill designed to write knowledge into persistent artifacts, generic triggers raise the risk of unintended activation and unauthorized retention of conversation-derived information.

Missing User Warnings

Medium
Confidence: 98%
Finding
This section explicitly describes writing learned experience into persistent artifacts such as MEMORY.md, fine-tuning data, and long-term skills, but it does not require user notice, consent, or data minimization. That is dangerous because it can turn transient conversation content, preferences, or sensitive operational details into durable cross-session state, increasing privacy, compliance, and prompt-injection persistence risk.

VirusTotal

65/65 vendors flagged this skill as clean.
