ClawHub

Midas Skill — Self-Learning Wealth Extraction Engine

Security checks across malware telemetry and agentic risk

Overview

This skill is not executable malware, but it asks users to mine highly sensitive personal and workplace data over time with insufficient upfront privacy controls.

Install only if you are comfortable manually sharing sensitive data with the agent and managing the resulting local memory yourself. Do not paste confidential employer data, private third-party messages, credentials, regulated personal data, full browsing histories, or raw camera rolls unless you have authorization and have redacted unnecessary details. Treat its business and investment outputs as brainstorming, not professional financial, legal, or compliance advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (44)

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The README claims extraction is limited to voluntarily provided or publicly available data, but the documented examples encourage users to submit Slack messages, screenshots of conversations, browsing history, and photos that often contain third-party or workplace-confidential information. This creates a misleading privacy boundary and can normalize collection of sensitive data under a false sense of safety.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The file includes a disclaimer that it is not investment advice, but elsewhere provides concrete, imperative-style investment actions such as waiting for a discount, buying and holding forever, and using OPM through insurance if possible. In the context of a skill explicitly designed to extract 'money signals' and generate personalized monetization strategies, this contradiction can mislead users into treating the content as actionable financial guidance while reducing perceived accountability.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The pipeline explicitly logs session contents, opportunities, evidence chains, and confidence changes across sessions, creating persistent memory beyond a single analysis run. In a skill that ingests chats, photos, browsing history, purchases, and complaints, this increases privacy, profiling, and unauthorized secondary-use risk if data is retained without strict limits, consent, and access controls.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The recommendation stage instructs concrete offline actions like texting identified individuals and physically visiting a construction site to collect more information. That goes beyond passive analysis and can facilitate intrusive outreach, surveillance, or misuse of third-party information derived from personal communications and observed activity.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger phrases are broad and conversational, such as 'mine this' and 'what am I missing', which can easily occur in ordinary dialogue. That raises the risk of accidental activation in contexts where users did not intend to invoke a data-mining or monetization workflow.

Missing User Warnings

High
Confidence
97% confidence
Finding
The README explicitly invites submission of sensitive personal and workplace data, including Slack messages, text conversation screenshots, photo rolls, and browsing history, without clear warnings about privacy, confidentiality, third-party consent, or retention. In this context, users may expose trade secrets, personal identifiers, or private communications to a system designed to persist and monetize extracted signals.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill describes persistent cross-session learning and cumulative signal building without a clear warning that personal data may be stored, linked, and reused over time. Longitudinal aggregation substantially increases privacy risk because individually innocuous inputs can become highly sensitive when correlated.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrases are broad enough to match ordinary conversation such as 'what am I missing' or 'deal analysis', which can activate the skill unintentionally in unrelated contexts. In this skill, accidental activation is more dangerous because activation leads directly into soliciting sensitive personal, workplace, and behavioral data for monetization analysis.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The manifest includes ambiguous trigger words like 'mine this', 'what money signal', and 'what am I missing', which are insufficiently scoped and likely to overlap with benign user requests. Because the skill is designed to encourage ingestion of chats, histories, and notes, unintended invocation can cause privacy-invasive prompts or processing in situations where the user did not mean to use this capability.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill explicitly asks users to submit Slack threads, screenshots of texts, photos, complaints, browsing logs, and purchase lists without meaningful privacy warnings or confidentiality safeguards. This creates a clear path for disclosure of personal data, third-party data, internal business information, and potentially regulated or contractually protected material.

Missing User Warnings

High
Confidence
98% confidence
Finding
The input guide normalizes submission of highly sensitive categories including chats, browsing history, purchase history, meeting notes, and social feeds, but does not pair that guidance with adequate warnings about confidentiality, consent, or data minimization. In context, this substantially increases the chance users will paste private or employer-sensitive material into the system for monetization analysis.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The file explicitly analyzes a person's browsing history, purchases, searches, community activity, and inferred future behavior to derive monetization opportunities, yet provides no privacy warning, consent boundary, or limitation on profiling. In the context of this skill, this is more dangerous than a generic analytics example because the stated purpose is to mine everyday personal data into 'wealth signals,' encouraging behavioral profiling and secondary use of sensitive personal activity.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The file explicitly frames a user's browsing history as input for monetization and opportunity analysis, but provides no notice about consent, data minimization, or privacy boundaries. Because browsing history is highly sensitive behavioral data, normalizing its analysis without safeguards can enable invasive profiling, unexpected secondary use, and user harm if deployed on real personal data.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This example file contains a highly granular behavioral profile built from browsing history, YouTube viewing, purchases, searches, location-linked gardening queries, and community participation. Even without an explicit real name, this kind of longitudinal activity data is sensitive and can enable profiling, re-identification, targeted manipulation, or privacy harm—especially in a skill explicitly designed to mine personal signals for monetization.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This file explicitly frames internal Slack messages, coworkers' complaints, work habits, and named individuals' activities as material to be 'mined' for monetization opportunities, without any privacy safeguards, consent requirements, minimization guidance, or warning about confidential business information. In the context of a skill whose stated purpose is extracting 'wealth signals' from private daily information streams, this materially increases the risk of surveillance, misuse of workplace communications, exposure of sensitive company data, and inappropriate profiling of employees or business relationships.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The file explicitly recommends contacting a coworker to obtain a sample internal contractor status report, which can contain non-public operational, personnel, client, or vendor information. In the context of a skill designed to mine workplace communications for monetizable opportunities, this normalizes using internal business data for external commercial validation without any consent, authorization, or privacy safeguards.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The document explicitly describes mining a user's private photo roll to infer habits, spending, routines, and likely vulnerabilities without any privacy warning, consent boundary, or minimization. In the context of a monetization-focused skill, this profiling is not merely analytical; it encourages converting intimate personal data into exploitable signals, which creates substantial privacy and misuse risk.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
This section extracts third-party information from saved images, including a named business contact and message content from another person, then frames those details as monetization opportunities. That exposes other individuals' private data and encourages repurposing their information without their knowledge or consent, increasing privacy, confidentiality, and social-engineering risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The file explicitly encourages mining a user's photo roll to infer behavioral patterns, purchasing habits, location preferences, and monetization opportunities, but provides no warning or guardrails about the sensitivity of personal images and derived inferences. This is dangerous because photo libraries often contain highly sensitive metadata and contextual clues about routines, finances, social graph, and physical locations, enabling intrusive profiling and privacy harm if processed without clear consent, minimization, and disclosure.

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
This finding is a true issue because the file moves from descriptive profiling into directly actionable, second-person guidance such as 'Don't diversify — concentrate' and 'bet everything.' In the context of a skill explicitly designed to extract 'money signals' and generate personalized wealth strategies, this language can reasonably be interpreted by users as prescriptive financial advice despite the disclaimer, increasing the risk of harmful financial decision-making.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill is designed to process highly sensitive behavioral and interpersonal data sources, including chats, photos, browsing history, purchases, and complaints, to infer monetizable signals. Without clear privacy warnings, consent requirements, and boundaries on third-party data use, users may submit data that exposes non-consenting individuals and enables profiling far beyond ordinary analysis.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The evolution log stores retained session data, evidence chains, and opportunity histories without any explicit disclosure of retention period, auditability, or privacy implications. Because the logged material may contain cross-linked behavioral and relational data over time, it materially increases the harm from breach, misuse, insider access, or compelled disclosure.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The framework explicitly prioritizes analyzing private communications, workplace chats, photos, and browsing history to extract monetizable signals, but provides no privacy guardrails, consent requirements, or data-minimization guidance. That creates a real risk of inappropriate collection and inference from sensitive personal and employer data, even if the stated goal is commercial insight rather than direct abuse.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The guide explicitly tells users to copy-paste entire Slack/Teams histories and includes DMs as high-signal input, which strongly encourages disclosure of private, confidential, and third-party data. Although ethical guidance appears later, the local instruction lacks an immediate warning or minimization step, so users are nudged toward oversharing before they see any safeguards.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The photo-export guidance instructs users to export camera rolls and include receipts, products, events, and workspace images without warning that photos may contain geolocation metadata, faces, home/work details, financial information, and other personal identifiers. This creates a predictable privacy leakage path, especially because camera rolls often contain far more sensitive context than users realize.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal