说人话

Security checks across malware telemetry and agentic risk

Overview

This is a writing-assistant skill with disclosed web research and style-memory behavior that fits its purpose, though users should be aware it can persist writing preferences.

Install if you are comfortable with a writing helper using web search for current topics and keeping a persistent writing-style profile. Avoid confidential drafts or sensitive topics in searches, periodically review or delete /workspace/memory/evolution/user-writing-style.md, and ask the agent not to update memory when you want a one-off rewrite.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding: The skill explicitly instructs persistent storage of a user's writing-style profile and ongoing maintenance of that file, but it does not establish clear retention limits, minimization rules, or user consent. This creates a privacy and data-governance risk because user edits, preferences, and potentially sensitive writing traits may be retained and reused across sessions without transparent notice or necessity boundaries.

Context-Inappropriate Capability

Severity: Medium
Confidence: 86%
Finding: The skill expands from text polishing into live network access by requiring world time lookups and web searches for background research. That broadens the data-access surface beyond the core writing function and can expose user topics or prompts to external services, especially when the user may expect only local rewriting assistance.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding: The trigger list includes broad everyday phrases such as '写文章' ("write an article") and '生成正文' ("generate body text"), which can cause accidental invocation outside the user's intended context. Over-broad activation increases the chance that the skill runs unexpectedly, performs network searches, or writes to persistent memory when the user did not knowingly invoke it.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The skill directs the agent to persistently write user writing preferences to a workspace file without clearly informing the user that their data will be stored. Lack of explicit notice and consent is dangerous because users may unknowingly provide content that becomes durable profile data, including stylistic signals or sensitive personal details embedded in edits.

Ssd 3

Severity: Medium
Confidence: 94%
Finding: The skill instructs the agent to record and reuse user writing traits and revision behavior across sessions, which can preserve user-provided content patterns and potentially sensitive information. In context, this is more dangerous because the feature is framed as automatic maintenance with a repeated pre-read of the memory file, making cross-session resurfacing and unintended data retention likely.

VirusTotal

65/65 vendors flagged this skill as clean.