Mini Diary

Security checks across malware telemetry and agentic risk

Overview

Mini Diary is a coherent local journaling skill with optional NextCloud sync, but users should be careful with cloud-sync setup and documented admin commands.

Install only if you are comfortable storing diary entries in local Markdown files. Leave NEXTCLOUD_SYNC_DIR unset unless you intentionally want cloud sync, and review NextCloud sharing, backups, and server access first. Do not run the documented sudo chown or docker commands unless you have verified the exact target path and understand the permission impact.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands

Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The usage guide tells users to run privileged host and container commands (`sudo chown`, `docker exec ... chown`, `php occ files:scan`) as part of normal operation for a diary app. While this appears intended as troubleshooting guidance rather than abuse, instructing elevated operations outside the app's core function increases the chance of accidental system modification, especially if users substitute the wrong path, container, or username.

Intent-Code Divergence

Medium
Confidence: 91%
Finding
The script’s security claims are overstated: although it is read-only, DIARY_FILE is attacker-controllable and may point to any file under HOME or the current working directory. In an agent context, this can expose unrelated sensitive local files such as SSH configs, tokens, notes, or app secrets if another component can set environment variables or invoke the script with a chosen working directory.

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The path validation does not prevent arbitrary file reads; it only blocks a few system directories while still allowing any resolved path within the user’s home or current directory. In a skill/agent setting, that broad access is dangerous because user-controlled environment input can turn a diary search utility into a general local file reader for sensitive user-owned data.

Missing User Warnings

Low
Confidence: 88%
Finding
The README advertises optional NextCloud cloud sync but does not warn users that diary entries may be transmitted to external infrastructure and could contain sensitive personal or work-related content. For a journaling skill, this omission matters because users may reasonably store private notes, client details, or project information and enable sync without understanding the privacy and security implications.

Missing User Warnings

Medium
Confidence: 90%
Finding
This skill handles highly sensitive diary content, yet the cloud-sync section does not clearly warn users that entries may be copied into a NextCloud-managed location with different access controls, backups, sharing settings, or server exposure. In the context of personal journaling, weak privacy disclosure is more dangerous because users may reasonably assume entries remain local while unintentionally broadening who can access them.

Missing User Warnings

Medium
Confidence: 95%
Finding
The guide recommends recursive ownership changes with `sudo chown -R www-data:www-data` on a user-supplied path. If the path is mistyped, overly broad, or expanded unexpectedly, users can break system integrity or expose unrelated files to the web service account, which is a meaningful safety risk in documentation.

VirusTotal

66/66 vendors flagged this skill as clean.
