Proactive Agent

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is not malware, but it asks the agent to store broad conversation and profile details by default without enough consent, retention, or redaction controls.

Install only if you intentionally want an agent that keeps persistent workspace memory and takes initiative. Before use, set strict boundaries for what files it may write, forbid storing passwords/tokens/cookies/private IDs, require confirmation before external actions or spawned agents, and periodically review or delete the memory files it creates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability
Medium, 82% confidence
The skill expands its operational scope beyond its stated goals of memory and proactivity into broad external capability use, including browser, CLI, web search, and spawning agents. In an agent setting, this increases attack surface and can enable unexpected outbound actions or risky tool invocation without a narrowly defined task boundary.

Vague Triggers
Medium, 86% confidence
The WAL trigger scans every message for very broad categories such as corrections, proper nouns, preferences, and values, causing the persistence mechanism to activate on routine conversation. Over-broad natural-language triggers are dangerous because they normalize indiscriminate storage of user content and make privacy-sensitive writes happen by default.

Vague Triggers
Medium, 78% confidence
The compaction recovery trigger includes ambiguous conditions such as "you should know something but don't," which can fire in many ordinary cases of uncertainty. Ambiguous autonomous recovery behavior can cause unnecessary reading and rehydration of prior stored conversations, increasing privacy exposure and unintended retention.

Missing User Warnings
Medium, 88% confidence
The skill directs persistent logging of exchanges and auto-population of user profile and identity files without a clear privacy notice, retention policy, or consent flow. This is risky because users may disclose sensitive information in normal conversation without understanding that it will be stored across sessions.

Ssd 3
Medium, 93% confidence
Automatically populating persistent files from user answers and requiring logging as part of normal onboarding creates a direct data retention risk. Natural-language interactions often contain personal, confidential, or regulated data, and this design stores it by default without minimization or necessity checks.

Ssd 3
High, 97% confidence
The WAL protocol instructs the agent to scan every message and immediately persist sensitive categories, including names, preferences, decisions, IDs, URLs, and corrections, before responding. This creates systematic collection of potentially sensitive user data and converts ephemeral chat into durable storage, increasing the impact of breaches, misuse, and prompt leakage.

Ssd 3
High, 98% confidence
The working-buffer protocol mandates capturing every exchange after a context threshold, including the user's full message and response summaries. Wholesale transcript retention is especially dangerous because it accumulates sensitive content indiscriminately and preserves data that users may expect to remain transient.

Ssd 3
Medium, 87% confidence
The compaction recovery flow instructs the agent to read raw buffered exchanges and extract important context back into persistent state, extending the lifetime and spread of prior user communications. This increases the risk of over-retention, cross-context leakage, and propagation of sensitive data into long-lived memory files.

VirusTotal

66/66 vendors flagged this skill as clean.