TreeListy

Security checks across malware telemetry and agentic risk

Overview

TreeListy is a coherent local planning skill with an optional, user-directed WebSocket push feature that should be used only with trusted destinations.

Install only if you are comfortable using a Node-based local CLI with the ws dependency. Avoid putting secrets, regulated data, or third-party personal details into trees unless you have permission and a retention plan. Use the push command only with your own trusted local TreeListy bridge; do not pass a token or use --host for a remote destination unless you trust that endpoint and network.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Description-Behavior Mismatch
Medium, 93% confidence

This module transmits full tree data to a live service over a WebSocket, which expands the skill from local planning/export into networked data exfiltration or remote delivery. In the context of a planning skill, trees may contain sensitive project structure, tasks, notes, or identifiers, and the code allows sending that data to an arbitrary host without clear restriction or explicit user-consent enforcement in the module itself.

Context-Inappropriate Capability
Medium, 91% confidence

The code builds a WebSocket URL from user-supplied host and port and initiates outbound connectivity, including to non-local hosts, despite the skill being described primarily as a decomposition/export tool. This creates SSRF-like or unintended outbound communication capability that could be abused to send internal planning data to attacker-controlled infrastructure.

Missing User Warnings
Medium, 94% confidence

The family tree pattern explicitly encourages collection of highly sensitive personal and quasi-identifying data, including birth/death details, spouse names, occupations, photos, and DNA information, without any privacy notice, minimization guidance, or handling restrictions. In a planning/organization skill, this normalizes storing sensitive family data that could enable identity theft, doxxing, profiling, or non-consensual processing of relatives' information.

Missing User Warnings
Medium, 92% confidence

The email workflow pattern describes storing recipient addresses, subject lines, message bodies, and thread identifiers without warning users that this may include personal, confidential, or regulated communications data. In an agent skill context, this increases the risk of accidental ingestion, retention, sharing, or downstream processing of sensitive correspondence.

Missing User Warnings
High, 97% confidence

The freespeech pattern goes beyond transcription and explicitly promotes psychological pattern detection, hidden pattern analysis, contradictions, silences, and implicit beliefs, which can infer sensitive mental-state or personality information from speech. Without strong warnings, consent requirements, and limits on inference, this creates elevated privacy and profiling risk, especially because users may process recordings involving third parties or vulnerable individuals.

Missing User Warnings
Medium, 94% confidence

The `familytree` pattern explicitly models highly sensitive personal and familial data, including birth/death details, marriage information, occupation, photo URLs, and especially `dnaInfo`. Even though this file is only a schema/config definition, exposing these collection fields without any built-in warning, consent prompt, minimization guidance, or sensitivity labeling materially increases the risk that downstream UI will solicit and store regulated or intimate personal data without adequate safeguards.

Missing User Warnings
Medium, 90% confidence

The `gmail` pattern is designed to ingest email thread content and metadata such as recipients, message bodies, sender identities, and thread IDs, all of which can contain confidential, personal, or business-sensitive information. A pattern that normalizes collection of this data without any warning, classification, or restrictions can lead downstream components to process private communications unsafely or beyond user expectations.

Missing User Warnings
High, 97% confidence

The `freespeech` pattern goes beyond ordinary note-taking by encouraging collection of verbatim speech plus inferred psychological interpretations, hidden patterns, contradictions, and emotional intensity. That combination creates a high-risk profiling capability involving potentially sensitive behavioral and mental-state inferences, and the absence of warnings or safeguards makes misuse or overcollection substantially more likely.

Missing User Warnings
Medium, 89% confidence

The module sends both tree contents and an optional authentication token over a plain ws:// connection with no built-in disclosure, consent flow, or transport security. That combination can expose sensitive data and credentials to local or network interception, especially if the host is changed from localhost to a remote system.

VirusTotal

66/66 vendors flagged this skill as clean.