ai-learning-journal (AI learning assistant)

Security checks across malware telemetry and agentic risk

Overview

This is a local AI learning journal that saves Markdown notes; its broad triggers and persistence deserve awareness, but they are disclosed and aligned with the skill’s purpose.

Install this only if you want an AI-learning journal that may turn casual AI-related comments into saved local Markdown notes. Avoid putting secrets, client data, private work details, or sensitive personal information into entries, and periodically review or delete files in the records directory if you do not want long-term retention.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Severity: High. Confidence: 96%.
Finding: The skill is configured to trigger on extremely broad and casual mentions of AI-related activity, including offhand comments like trying a model once. This can cause the agent to activate and begin structured data collection or persistence in contexts where the user did not clearly intend to use the skill, increasing the risk of surprise actions and privacy-invasive behavior.

Vague Triggers

Severity: Medium. Confidence: 88%.
Finding: Trigger examples like 'how should I use this?' or 'any best practices?' are context-ambiguous and may match many unrelated conversations. In isolation this is less severe than automatic file writes, but it still increases the chance of unintended activation and inappropriate access to prior records for context.

Missing User Warnings

Severity: Medium. Confidence: 97%.
Finding: The skill directs automatic creation and modification of persistent local files as part of normal operation, but does not require explicit user notice or consent before storing data. This is dangerous because users may disclose sensitive notes, plans, or usage history without realizing that the information will be written to disk and indexed for later retrieval.

Missing User Warnings

Severity: Medium. Confidence: 91%.
Finding: The skill exposes a concrete local filesystem path for storage and instructs use of that location without presenting any privacy or safety warning. While the path disclosure itself is not code execution, it normalizes silent persistence in a specific user directory and can increase privacy risk by making sensitive learning history predictably stored and easier to target or inspect by other local processes or users.

Vague Triggers

Severity: Medium. Confidence: 89%.
Finding: The listed trigger phrases are very broad, natural-language requests that a user could reasonably say in many contexts, which makes accidental or overly broad invocation plausible. In an agent skill, unclear activation scope can cause the skill to engage when the user did not intend to update or query this journal, leading to unintended data capture, persistence, or workflow hijacking.

VirusTotal

64/64 vendors flagged this skill as clean.