IBT: Instinct + Behavior + Trust

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only agent behavior framework with disclosed preference memory, not code that installs, executes, exfiltrates, or modifies systems.

Safe to install as an instruction-only skill if you are comfortable with local preference memory. Review USER.md periodically, delete stale or personal entries, and avoid allowing implicit preferences to be saved unless the user has clearly agreed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

High
Confidence: 98%
Finding
The skill’s permission model says implicit or learned preferences must not be written persistently without human consent, but the later preference-learning section instructs storing learned preferences in USER.md and applying them automatically. That contradiction can cause agents to persist behavioral inferences about users without clear consent, creating a privacy and policy-violation risk even if the data is framed as non-sensitive.

Missing User Warnings

Medium
Confidence: 94%
Finding
These examples normalize checking and retaining user preferences, including across interactions, without any disclosure, consent flow, retention boundary, or opt-out. That can lead implementers to build silent behavioral profiling or memory features that collect personal data beyond user expectations, creating privacy and compliance risk.

Missing User Warnings

Medium
Confidence: 97%
Finding
This example explicitly depicts implicit cross-session learning from user behavior over several sessions without informing the user that behavior is being observed and stored. Such silent persistence is privacy-sensitive and can expose users to unexpected profiling, data retention, and misuse of inferred preferences.

Natural-Language Policy Violations

Medium
Confidence: 90%
Finding
The instruction to use a default such as 'short-first on Telegram' applies channel-specific behavior without user opt-in or reliable channel detection. This can lead agents to make unwarranted assumptions about user preferences and context, which is especially risky in a skill that also encourages learning and reusing preferences.

VirusTotal

64/64 vendors flagged this skill as clean.
