digital-life-grandpa-skill

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware-like, but it asks users to collect and permanently store intimate family memories and includes a helper script that can publish the skill directory to a public GitHub repository.

Install only if you are comfortable storing sensitive family memories in this agent environment. Before use, decide where generated files and memory entries will live, avoid entering personal details about living relatives without permission, review and redact the generated skill before enabling it, and do not run upload-to-github.sh unless you have inspected every file and intentionally want to publish it publicly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The skill expands beyond transient interview assistance into persistent creation of a family memory repository, including a photo library and structured memory artifacts on disk. Because the collected material is intimate family data, this creates unnecessary data exposure and retention risk beyond the core conversational purpose.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The skill promises permanent preservation across multiple systems for family memory data without demonstrating that such indefinite retention is necessary for the stated function. Permanent retention increases the blast radius of leaks, misuse, and future unauthorized access to sensitive biographical information.

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The script performs repository initialization and publication actions that are unrelated to the stated 'digital grandpa' interview/modeling purpose, which creates an unnecessary pathway to exfiltrate local skill contents to an external service. In this context, bundling upload behavior into the skill increases the chance that users publish sensitive workspace files without understanding that external disclosure is part of execution.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The gh command automatically creates a public GitHub repository and pushes the local directory, which is a direct external publication action not justified by the skill's described function. Because it defaults to public visibility and uses the current directory as source, it can unintentionally disclose proprietary, personal, or secret material stored in the workspace.

Missing User Warnings

Medium
Confidence: 93%
Finding
The README explicitly requires users to permanently store highly intimate family memories and personal relationship details, but provides no consent, retention, deletion, minimization, or sensitivity guidance. In a skill centered on reconstructing real relatives and collecting emotionally sensitive biographical data, this increases privacy risk, potential family harm, and misuse of personal data over time.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill requires storage of intimate family interview content into a family memory system but does not clearly warn the user about privacy implications, consent requirements, or downstream data use. Users may disclose sensitive personal and relational details without understanding that these will be persistently retained.

Missing User Warnings

Medium
Confidence: 94%
Finding
The file structure section instructs creation of local skill files and memory artifacts, but it does not clearly warn users that content will be written to disk. Silent local persistence of sensitive family memories and identifiers can surprise users and leave recoverable data on shared or insecure systems.

Missing User Warnings

High
Confidence: 95%
Finding
The skill mandates permanent preservation of family memory data and frames it as a required rule, yet it gives no meaningful warning about consent, long-term retention, familial privacy, or risks to living relatives mentioned in the interview. Because the data is highly personal and potentially multi-person, indefinite storage without clear safeguards is dangerous.

Missing User Warnings

Medium
Confidence: 97%
Finding
The script lacks a clear, unavoidable warning immediately before creating a public repository and pushing local files externally. Without strong user notice and consent, this behavior can cause accidental data exposure, especially since the command both creates the remote and pushes content in one step.

Ssd 3

Medium
Confidence: 90%
Finding
The digital_brain contract explicitly states that the skill reads and writes memory systems and stores outputs to a family memory knowledge graph. Persistently organizing detailed family memories and identifiers in shared memory structures increases the risk of unauthorized access, over-collection, and secondary use of sensitive personal data.

Ssd 3

Medium
Confidence: 91%
Finding
The interview flow solicits intimate details such as nicknames, emotionally significant events, family wisdom, habits, and important relationships, then transitions directly into a persistent companion mode. This combination creates a profiling and emotional-dependence risk, especially when users are encouraged to reveal highly personal information before informed consent around storage and use.

Ssd 3

Medium
Confidence: 92%
Finding
The skill mandates automatic generation and storage of persona materials and family memory content for long-term preservation. Automatic persistence of sensitive family narratives and identifiers without an explicit consent checkpoint increases privacy risk and makes accidental retention more likely.

Ssd 3

Medium
Confidence: 94%
Finding
The usage rules make permanent retention mandatory rather than optional, which pressures users into preserving sensitive family-memory data regardless of privacy preferences or consent status of other family members. This is especially risky because the collected content can include intimate details about multiple identifiable people.

VirusTotal

66/66 vendors flagged this skill as clean.