ClawHub

Essay Writing

Security checks across malware telemetry and agentic risk

Overview

This is a writing-assistant skill whose profile reading and web lookup behavior are disclosed and tied to personalized, fact-checked essay drafting.

Before installing, know that this skill may read a dedicated personal writing profile from your home directory and may use web search for factual support. Keep sensitive details out of the profile unless you want them considered for drafts, and review the required privacy-check step carefully before approving any article for publication.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill is presented as a writing aid, but its workflow instructs the agent to read a persistent local profile file containing personal information. That is a capability expansion beyond what the manifest signals, and it can lead to collection and reuse of sensitive user data without clear prior consent or scope limitation.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The manifest describes essay writing, but the workflow also directs the agent to perform web searches for supporting data. Undeclared network access changes the trust boundary, may transmit user topics externally, and can surprise users who expected an offline drafting skill.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The invocation description is broad enough to match many ordinary writing requests, increasing the chance that this skill activates outside a narrowly intended scope. Because the skill then reads persistent profile data and may use web search, overbroad triggering can expose user data or externalize prompts in contexts where that behavior was not expected.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal