05 Content Summary

Security checks across malware telemetry and agentic risk

Overview

This is a local summarization tool whose local storage and export behavior are disclosed, but users should be aware that it retains their inputs on disk.

Install only if you are comfortable with the content you summarize being saved locally in ~/.ai_summary.db. Avoid highly confidential notes unless local disk retention is acceptable, clear or manage the database yourself periodically, and take care when exporting Markdown: the destination file will contain the summary in plaintext and may overwrite an existing file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch (Medium severity, 95% confidence)

The tool persistently stores raw user content and generated summaries in a local SQLite database, even though it is presented primarily as a summarization/review utility. This is a confidentiality and privacy risk: sensitive notes, meeting content, or project details may be retained on disk without clear disclosure, consent, retention limits, or access controls.

Description-Behavior Mismatch (Medium severity, 92% confidence)

The export function writes Markdown to an arbitrary filesystem path supplied by the caller, with no confinement to a safe directory, no overwrite check, and no prominent warning. In an agent context this can overwrite or create files in unintended locations, and it may leave sensitive summarized content on disk where other users or processes can read it.

Vague Triggers (Medium severity, 72% confidence)

The trigger phrases are very broad everyday requests, such as summarizing a day, an article, a meeting, or a project, which increases the chance of accidental or overly eager invocation in unrelated contexts. Unintended activation can expose user content to processing, file writes, or other side effects when the user did not explicitly opt into this skill.

Missing User Warnings (Medium severity, 97% confidence)

Persistently storing user content without a clear user-facing warning about retention is a genuine security and privacy issue, especially for a tool likely to process sensitive business notes, meeting transcripts, or personal writing. The risk is amplified because the database is placed in the user's home directory and the code gives no visibility into retention, deletion, or protection of stored records.
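A user who installs the skill anyway can check the retention described in the two findings above directly rather than trusting the description. The script below is an added example written for this page; it is not code from the skill or from SkillSpector. It inspects ~/.ai_summary.db without assuming its schema (tables are enumerated from sqlite_master, since the real table names are not known from this page), reports whether other local accounts can read the file, tightens its permissions, and purges or deletes it. The make_sample_db helper builds a throwaway database with a constructed "summaries" table so the example runs offline.

```python
"""Inspect, tighten, and purge a local SQLite store such as ~/.ai_summary.db.

Added example for this page; not code from the skill or from SkillSpector.
Nothing here assumes the skill's schema: tables are discovered from sqlite_master.
"""
import os
import sqlite3
import stat
import tempfile
from pathlib import Path


def default_db():
    """Location the skill is reported to use."""
    return Path.home() / ".ai_summary.db"


def _user_tables(con):
    rows = con.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'"
    )
    return [r[0] for r in rows]


def _quoted(name):
    # Identifiers cannot be bound as parameters; double-quote and escape instead.
    return '"' + name.replace('"', '""') + '"'


def inspect_db(db_path=None):
    """Report whether the store exists, who can read it, and the row count per table."""
    db_path = Path(db_path) if db_path else default_db()
    if not db_path.exists():
        return {"exists": False}
    mode = stat.S_IMODE(db_path.stat().st_mode)
    report = {
        "exists": True,
        "mode": mode,
        # Group/world read bits mean other local accounts can copy the notes.
        "readable_by_others": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
        "tables": {},
    }
    con = sqlite3.connect(f"file:{db_path.as_posix()}?mode=ro", uri=True)  # read-only
    try:
        for name in _user_tables(con):
            count = con.execute(f"SELECT COUNT(*) FROM {_quoted(name)}").fetchone()[0]
            report["tables"][name] = count
    finally:
        con.close()
    return report


def restrict_permissions(db_path=None):
    """Make the store owner-only (0600); SQLite creates it with the process umask."""
    db_path = Path(db_path) if db_path else default_db()
    os.chmod(db_path, 0o600)
    return stat.S_IMODE(db_path.stat().st_mode)


def purge_db(db_path=None):
    """Delete every row in every table, then VACUUM so freed pages leave the file.

    secure_delete makes SQLite zero freed pages before VACUUM rewrites the file.
    Space already handed back to the filesystem or SSD is beyond SQLite's reach;
    when the history is not needed at all, delete_db() is the stronger option.
    """
    db_path = Path(db_path) if db_path else default_db()
    con = sqlite3.connect(db_path)
    try:
        con.execute("PRAGMA secure_delete = ON")
        for name in _user_tables(con):
            con.execute(f"DELETE FROM {_quoted(name)}")
        con.commit()
        con.execute("VACUUM")  # must run outside a transaction, hence after commit()
    finally:
        con.close()
    return inspect_db(db_path)


def delete_db(db_path=None):
    """Remove the store and any journal/WAL sidecar files SQLite may have left."""
    db_path = Path(db_path) if db_path else default_db()
    removed = []
    for suffix in ("", "-journal", "-wal", "-shm"):
        p = db_path.with_name(db_path.name + suffix)
        if p.exists():
            p.unlink()
            removed.append(p.name)
    return removed


def make_sample_db():
    """Constructed stand-in for ~/.ai_summary.db so the example runs offline."""
    path = Path(tempfile.mkdtemp(prefix="ai-summary-")) / ".ai_summary.db"
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE summaries (id INTEGER PRIMARY KEY, source TEXT, summary TEXT)")
    con.executemany(
        "INSERT INTO summaries (source, summary) VALUES (?, ?)",
        [("meeting notes (constructed)", "Q3 budget cut 10%"),
         ("project memo (constructed)", "vendor contract renewal")],
    )
    con.commit()
    con.close()
    os.chmod(path, 0o644)  # mimic creation under a 022 umask: world-readable
    return path


if __name__ == "__main__":
    print(inspect_db())  # inspect the real store, if present
```

Run it without arguments to see what the real store holds; run restrict_permissions() first if readable_by_others is true, then decide between purge_db() and delete_db(). The read-only URI connection in inspect_db() guarantees that merely looking never modifies the file.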

Missing User Warnings (Low severity, 90% confidence)

Although exporting inherently implies writing a file, the code does not clearly warn that potentially sensitive summary content will be saved to local disk. This is a lower-severity but real issue, because users may unintentionally leave confidential material in plaintext Markdown files.
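The two export findings describe the same root cause: a caller-controlled destination path with no confinement, no overwrite check, and no file permissions. The following added example (written for this page, not the skill's own export function, whose signature is not shown here) puts the unsafe pattern beside a hardened form. The hardened exporter confines the destination to an allowed directory, follows no symlinks, refuses to overwrite, and creates the file owner-only; demo() exercises both on constructed sample text in throwaway directories.

```python
"""Caller-controlled Markdown export: the pattern the findings describe, beside a hardened form.

Added example for this page; not code from the skill or from SkillSpector.
"""
import os
import stat
import tempfile
from pathlib import Path


class ExportError(Exception):
    """Raised when the hardened exporter refuses a destination."""


def export_markdown_unsafe(path, markdown):
    """The pattern the finding describes: any path, silently truncates an existing
    file, and the file is created with the process umask (often 0644, world-readable)."""
    with open(path, "w", encoding="utf-8") as f:
        f.write(markdown)
    return Path(path)


def export_markdown_safe(path, markdown, allowed_dir):
    """Write markdown only inside allowed_dir, never over an existing file, owner-only."""
    allowed = Path(allowed_dir).resolve()
    target = Path(path)
    if not target.is_absolute():
        target = allowed / target
    # resolve() follows symlinks in every existing component, so a link that
    # points outside allowed_dir is caught by the containment check below.
    target = target.resolve()
    try:
        target.relative_to(allowed)
    except ValueError:
        raise ExportError(f"refusing to write outside {allowed}: {target}") from None
    if target.suffix.lower() != ".md":
        raise ExportError(f"refusing to write a non-Markdown file: {target.name}")
    if not target.parent.is_dir():
        raise ExportError(f"destination directory does not exist: {target.parent}")
    # O_EXCL: fail instead of overwriting (also fails on a dangling symlink leaf);
    # O_NOFOLLOW: never write through a symlink; 0o600: no group/world read.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(target, flags, 0o600)
    except OSError as exc:
        raise ExportError(f"refusing to create {target}: {exc.strerror}") from exc
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        f.write(markdown)
    return target


def _refused(fn):
    try:
        fn()
    except ExportError:
        return True
    return False


def demo():
    """Run both exporters in throwaway directories (constructed sample, not real notes)."""
    work = Path(tempfile.mkdtemp(prefix="summary-export-"))
    elsewhere = Path(tempfile.mkdtemp(prefix="summary-outside-"))
    note = "# Daily summary\n\n- Q3 budget figures (constructed sample)\n"
    results = {}

    # Unsafe exporter: whatever file the caller (or a confused agent) names is clobbered.
    victim = work / "notes.md"
    victim.write_text("original content\n", encoding="utf-8")
    export_markdown_unsafe(victim, note)
    results["unsafe_overwrote"] = victim.read_text(encoding="utf-8") == note

    # Hardened exporter: first write succeeds and is owner-only ...
    out = export_markdown_safe("summary.md", note, work)
    results["safe_mode"] = stat.S_IMODE(out.stat().st_mode)
    results["safe_content"] = out.read_text(encoding="utf-8") == note

    # ... and the cases the findings warn about are refused.
    results["refuses_overwrite"] = _refused(lambda: export_markdown_safe("summary.md", note, work))
    results["refuses_traversal"] = _refused(lambda: export_markdown_safe("../escape.md", note, work))
    (work / "link.md").symlink_to(elsewhere / "target.md")
    results["refuses_symlink"] = _refused(lambda: export_markdown_safe("link.md", note, work))
    results["refuses_other_suffix"] = _refused(lambda: export_markdown_safe("profile.sh", note, work))
    results["nothing_escaped"] = not (elsewhere / "target.md").exists()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Refusing to overwrite is a deliberate choice over prompting: an agent calling the tool cannot answer a prompt, so the safe default is to fail loudly and let the user pick a new name. The 0600 mode addresses the "other users or processes" part of the finding, but it does not address the plaintext-on-disk concern itself; that remains a decision for the user.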

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal