Book Librarian

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward local reading tracker and recommender with disclosed file storage and no executable code or hidden high-risk behavior.

Install this if you are comfortable with a skill keeping local reading and preference records in workspace files and occasionally using web search for new recommendations. Review or delete the books and memory files if you do not want that history retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium, 89% confidence
Finding
The README makes a user-consent assurance ('ask before creating anything') while also documenting automatic creation of directories and files on first use, which is a contradictory and misleading description of side effects. In an agent skill context, this can cause users to approve or invoke the skill under false assumptions about filesystem writes, weakening informed consent and trust boundaries around local file modification.

Vague Triggers

Medium, 88% confidence
Finding
The skill is configured to run on broadly defined 'book-related' triggers and then perform file existence checks and potentially initiate setup flows. This can cause the skill to activate in contexts where the user did not intend persistent file operations, increasing the risk of unexpected access to reading-history data or unintended creation/modification of local files.

Missing User Warnings

Medium, 92% confidence
Finding
The skill instructs the agent to create directories, copy templates, and write user preference data to persistent files without presenting a clear upfront warning about storage, privacy, and modification behavior. Even though it asks for setup consent, users are not clearly informed what data will be stored and where, which can lead to unanticipated retention of personal preference data and filesystem changes.

VirusTotal

64/64 vendors flagged this skill as clean.
