ClawdTalk Persona Plugin

Security checks across malware telemetry and agentic risk

Overview

This is a coherent caller-memory plugin, but it should be reviewed because it persistently stores detailed caller profiles, call summaries, and optionally full transcripts without clear consent, retention, or deletion controls.

Install only if persistent caller profiling is intentional for your use case. Use a trusted Persona API server, protect the API key, avoid passing call IDs unless full transcript ingestion is acceptable, and ensure callers receive appropriate notice, consent, retention limits, and a way to review, correct, or delete stored information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (10)

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill explicitly instructs the agent to maintain persistent caller identity and memory across calls, including personality, factual identity, and episodic history, without any requirement to notify the caller or obtain consent. In a voice-call context, this creates a substantial privacy risk because sensitive personal data is accumulated over time and can be used or exposed without the subject's knowledge.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill directs the agent to log detailed call summaries and states that providing a call ID causes the backend to automatically fetch the full transcript, yet there is no instruction to warn participants that recording/transcript ingestion may occur. This is dangerous because call transcripts often contain highly sensitive personal data, and silent collection materially increases privacy, compliance, and misuse risks.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill explicitly instructs the agent to persist sensitive personal data across calls, including identity details, personality traits, episodic memories, and prior call context, without any instruction to obtain informed consent or provide notice. In a calling context, this creates a meaningful privacy risk because users may disclose sensitive information conversationally without realizing it will be retained and reused later.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill states that providing a call_id causes the backend to auto-fetch the full transcript, but it does not warn the user or operator that complete call content may be ingested and retained. Full transcripts often contain highly sensitive personal, financial, medical, or authentication information, so automatic capture substantially increases privacy and compliance exposure.

Ssd 3

High
Confidence
99% confidence
Finding
The skill requires systematic long-term retention of caller-provided personal details across calls, building a durable profile of each person over time. In the absence of consent, minimization, or retention boundaries, this creates a high-risk surveillance-like memory store that can expose sensitive personal information or enable inappropriate profiling.

Ssd 3

High
Confidence
98% confidence
Finding
The instructions require detailed post-call summaries and allow automatic retrieval of full transcripts when a call ID is supplied, significantly expanding the amount of personal conversation data retained. This is especially risky in a telephony setting because callers may disclose health, family, financial, or emotional information that should not be persistently stored without strong safeguards and notice.

Ssd 3

High
Confidence
99% confidence
Finding
The agent is instructed to extract and store identity facts, personality traits, and dated episodic memories from every conversation, while preserving all prior versions indefinitely. This materially increases harm because it enables cumulative profiling and permanent retention of sensitive inferences about a person, even when those details may be subjective, unnecessary, or outdated.

Ssd 3

High
Confidence
98% confidence
Finding
The skill is designed to retain and reuse detailed caller information across calls, including memories and context intended to shape future conversations. In this context, that behavior creates a durable natural-language data store that can expose personal information to future prompts, operators, or downstream systems beyond what the caller reasonably expects.

Ssd 3

High
Confidence
97% confidence
Finding
These instructions require logging detailed call summaries, permit automatic transcript retrieval, and direct the model to save inferred facts and memories into versioned records. That combination amplifies risk because both raw and derived personal data are accumulated over time, making the stored profile richer, harder to delete, and more damaging if exposed or misused.

Ssd 3

High
Confidence
98% confidence
Finding
The skill mandates always adding episodic memory from each call and continuously merging identity data, which encourages indefinite accumulation of personal information with no stated limit or pruning. In a conversational agent, this makes the context more dangerous, not less, because future interactions can surface intimate details unexpectedly and create long-term privacy, profiling, and secondary-use risks.

VirusTotal

66/66 vendors flagged this skill as clean.
