ClawHub

style-fingerprint

Security checks across malware telemetry and agentic risk

Overview

This writing-style skill is not clearly malicious, but it gives agents broader local file read, write, and delete capability than the documentation makes obvious.

Review carefully before installing. Use only simple fingerprint names without slashes, absolute paths, or '..'; avoid analyzing confidential drafts unless you are comfortable with a local JSON fingerprint and text excerpt being retained; and only export to paths you explicitly intend to create or overwrite.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The delete capability allows removal of files in the skill-managed fingerprints directory, which exceeds the stated manifest purpose of analyzing and saving fingerprints. While deletion is limited to that directory, it still enables destructive actions against persisted user data and could be abused by an invoking agent or prompt chain to erase fingerprints unexpectedly.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The export command writes to an arbitrary user-supplied path, allowing the skill to create or overwrite files outside `./fingerprints/`, contrary to the declared scope. In agent environments, this kind of path write primitive can be chained to tamper with adjacent project files, agent configs, or other sensitive local artifacts if the process has permission.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill says it saves writing fingerprints to disk but does not clearly warn that analyzed text or derived stylistic data may persist locally and could contain sensitive personal or authorship-linked information. Users may submit private drafts, internal documents, or identifying writing samples without understanding the retention risk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The delete command is documented without warning that removal is permanent, which can cause accidental destruction of saved fingerprints. In a tool that builds reusable writing profiles, irreversible deletion can lead to data loss and operational disruption, even if it is not a direct confidentiality breach.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal