Ambient Awareness Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is an openly documented local awareness daemon that logs sensor events, with no evidence of exfiltration, credential access, hidden persistence, or destructive behavior.

Install only if you are comfortable with a local daemon recording sensor events to disk. Keep watched paths narrow, do not point it at sensitive directories unless needed, and only add or enable third-party sensors you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
The loader dynamically imports and executes Python code from file paths derived from registry and manifest data using spec_from_file_location(...) and exec_module(...). If an attacker can modify the registry, manifest, or referenced files, they can achieve arbitrary code execution during sensor loading, which is especially dangerous in an always-on awareness layer that may run automatically and persistently.

Missing User Warnings

Medium
Confidence: 92%
Finding
The daemon persistently writes full event objects and wake requests to JSONL files, including arbitrary sensor payloads and error details, without any consent, minimization, retention control, or access safeguards visible in this file. In an always-on awareness skill, sensor data can easily include sensitive environmental, behavioral, or personal information, so indiscriminate disk logging increases privacy and data exposure risk if the host is shared, compromised, or logs are later repurposed.

Missing User Warnings

Medium
Confidence: 84%
Finding
The code executes Python modules implicitly as part of sensor discovery/loading, but provides no warning, consent boundary, or disclosure that local files referenced by manifests will be executed. In the context of an ambient-awareness skill, this hidden execution model increases risk because users or operators may treat sensor configuration as data when it is actually code execution.

VirusTotal

66/66 vendors flagged this skill as clean.
