Sister.skill

Security checks across malware telemetry and agentic risk

Overview

This is not malware-like, but it should be reviewed because it persistently stores plain-text profiles and logs about real people with broad retention instructions.

Install only if you are comfortable keeping local plain-text profiles about real people. Use explicit consent where possible, avoid health, financial, sexual, legal, private conflict, or secret details, prefer pseudonyms, regularly review or delete ~/.sister-skill/sisters/, and do not present generated responses as the real person's actual views.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence: 91%
Finding:
The README encourages users to store highly sensitive personal memories, relationship dynamics, and behavioral profiles, but its privacy section only says data is stored locally and does not clearly warn users about the sensitivity of that data or recommend minimizing identifiable/private details. Because this skill is explicitly designed to accumulate intimate personal information over time, the absence of a strong warning can lead users to input secrets, trauma details, and third-party personal information that may later be exposed through local compromise, backups, logs, or device sharing.

Missing User Warnings

Medium
Confidence: 80%
Finding:
The skill persists personality profiles and interaction logs about real people, but the top-level description does not clearly warn users up front that their inputs will be stored across sessions. That creates a meaningful privacy risk because users may disclose sensitive third-party information without understanding that it will be retained locally and reused later.

Missing User Warnings

Medium
Confidence: 92%
Finding:
The template explicitly instructs persistent storage of sensitive interpersonal data under a user home directory, including memories, observations, emotional traits, and relationship dynamics, but provides no privacy notice, retention limits, consent guidance, or safeguards. In this skill’s context, the data concerns identifiable real people and can accumulate over time into detailed behavioral profiles, increasing the risk of privacy harm, unauthorized access, and misuse.

Ssd 3

Medium
Confidence: 89%
Finding:
The skill is designed to accumulate detailed, persistent profiles of real people based on user memories and observations, then reuse them in later interactions. Even if data stays local, this creates a privacy and safety risk by normalizing long-term storage of potentially sensitive third-party attributes, interpersonal dynamics, and inferred emotional traits without the subject's knowledge or consent.

Ssd 3

Medium
Confidence: 93%
Finding:
A persistent interaction log with repeated timestamping of every memory increases the sensitivity of the dataset by creating a longitudinal record of personal disclosures about identifiable real people. Such logs can expose behavioral patterns, relationship history, and sensitive anecdotes if accessed by other local users, malware, backups, or shared devices.

Ssd 3

Medium
Confidence: 94%
Finding:
The instructions to never overwrite, always load existing profiles, and timestamp everything encourage indefinite retention and continual reuse of personal disclosures. In this context, that makes the skill more dangerous because it profiles real people over time, preserves outdated or sensitive inferences, and increases harm if the local data is later exposed or misused.

VirusTotal

65/65 vendors flagged this skill as clean.