Rules Tracker

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed proactive-memory skill, but it gives the agent broad persistent-memory and automatic-trigger behavior that users should review before installing.

Install only if you want an agent to maintain ongoing local memory and proactive routines. Before use, restrict which files it may write, decide what may be stored about you or your work, disable or approve cron/autonomous-agent behavior explicitly, and review memory files periodically for sensitive information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium, 88% confidence
Finding
The skill defines auto-trigger conditions such as 'daily heartbeat', 'task completion keywords', and generic 'user request' without clear scoping, authorization checks, or precise trigger definitions. This can cause the skill to run unexpectedly, creating unwanted memory writes, noisy reporting, or interference with other workflows, especially in agent environments where trigger phrases may appear incidentally.

Vague Triggers

Medium, 84% confidence
Finding
The auto-trigger section uses broad conditions such as heartbeat, task-completion marker words, and user requests without defining precise matching logic or scope. In an agent environment, ambiguous trigger rules can cause unintended activation, extra memory writes, or unsolicited reporting, which may interfere with user tasks and leak workflow metadata into persistent storage.

VirusTotal

55/55 vendors flagged this skill as clean.
