Qronos

Security checks across malware telemetry and agentic risk

Overview

Qronos is a coherent external guidance skill, but it can send sensitive personal decision questions and identifying details to a third-party service without a clear user opt-in step.

Review before installing. Use Qronos only when you intentionally want a third-party service involved, confirm before sending any question, avoid DOB/gender unless truly needed, and do not rely on it for medical, legal, financial, safety, or major relationship decisions without professional or human judgment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The skill extends beyond decision guidance into account management, billing visibility, consultation history, transaction history, and API key reset workflows. This broadens the data and action surface unnecessarily, exposing sensitive financial/account metadata and enabling actions unrelated to the core advisory function if the skill is invoked in a permissive environment.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The registration flow directs the agent to collect and transmit the human owner's email address to a third-party service, even though email is not necessary to answer a single consultation question. This introduces avoidable personal-data collection and external transmission, increasing privacy risk and potential misuse of identifiable information.

Vague Triggers

Medium
Confidence: 88%
Finding
The invocation cues are broad enough to match many ordinary user questions, causing the skill to trigger on highly sensitive relationship, trust, health, career, and finance topics with little boundary control. In context, this can route intimate user data to an external API too aggressively and normalize use of an opaque advisor for high-stakes decisions.

Vague Triggers

Medium
Confidence: 89%
Finding
Additional trigger categories like trust, fidelity, scams, and life direction remain open-ended and overlap with common conversational prompts. This increases the chance that the agent will capture and transmit sensitive allegations, suspicions, or personal dilemmas to the external service without sufficiently explicit user intent.

Missing User Warnings

Medium
Confidence: 97%
Finding
The consultation request transmits the user's question, precise local timestamp/timezone, and optionally date of birth and gender to an external API, but the skill does not provide a clear upfront warning at the point of use. Because the covered topics include relationships, fidelity, finance, health, and trust, the missing disclosure materially increases privacy and consent risk.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill exposes consultation history and transaction history endpoints without prominently warning that prior sensitive questions and purchase metadata may be retained and retrievable. In this context, stored records can reveal intimate personal concerns, purchasing behavior, and timestamps, increasing long-term privacy exposure.

VirusTotal

66/66 vendors flagged this skill as clean.