ClawHub

Chronicle

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but it gives agents broad permission to inspect current and recent screen history when ordinary user requests are ambiguous.

Install only if you are comfortable with an agent inspecting your current screen, recent screen history, OCR-derived screen text, and persisted Chronicle summaries. Before using it, consider narrowing the instructions so it runs only when you explicitly ask for screen context or refer to visible/recent work, and require confirmation before reviewing historical recordings or memories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
96% confidence
Finding
The skill directs use whenever a request is ambiguous, which is far broader than a narrowly scoped, consent-based screen access trigger. Because the skill exposes live screen contents plus several hours of history, this guidance can cause unnecessary collection of highly sensitive data for routine clarification, violating least-privilege and data-minimization principles.

Missing User Warnings

High
Confidence
98% confidence
Finding
The description emphasizes that the skill should be used broadly, but does not clearly warn the user that using it may access several hours of recorded screen history and persisted memory summaries. In a context involving screen recording and indefinite memory artifacts, missing prominent notice materially increases the risk of covert over-collection and user surprise around sensitive data exposure.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal