ClawHub

Style Learner

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed writing-style extraction helper that may save style profiles, so users should be deliberate about where private document-derived patterns are stored.

Before installing, decide whether extracted style profiles may be saved to MEMORY.md or a shared knowledge base. Use it only on documents you are allowed to analyze, review the generated profile before saving, and avoid storing author-identifying habits or confidential project details unless that is intentional.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Low
Confidence
88% confidence
Finding
The skill explicitly states it can save extracted style guides to MEMORY.md or another location, but it does not warn the user that local files may be created or modified. In an agent context, silent persistence can surprise users, overwrite existing content, or store sensitive information from analyzed documents without clear consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs saving extracted style profiles to persistent storage ('MEMORY.md' or a team knowledge base) but provides no consent step, retention limits, access controls, or warning that writing style can reveal personal attributes and authorship patterns. Because the input may come from Feishu or other document sources and may include author-linked collaboration habits, this creates a real privacy and data-governance risk rather than a purely theoretical concern.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal