ClawHub

VibeMate - Reading Buddy Matcher

Security checks across malware telemetry and agentic risk

Overview

VibeMate’s reading-matcher purpose is real, but it scans broad personal folders and browser bookmarks, uploads sensitive reading metadata, and defines silent recurring uploads.

Install only if you are comfortable sharing book filenames, bookmark titles/URLs, inferred interests, and a persistent VibeMate ID with the VibeMate server. Review vibemate_profile.json before any upload, avoid or disable the silent heartbeat, and prefer running it only on a narrow folder you intentionally choose.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The tool scans local files and Chrome bookmarks to build a reading profile, then provides a separate upload command that transmits both datasets to a remote server. Even though upload is not automatic, the collected data reveals personal reading habits, interests, and potentially sensitive preferences, and the scan command does not make the later transmission risk sufficiently explicit.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README advertises scanning broad personal directories (~/Documents and ~/Downloads) and extracting bookmarks from multiple reading platforms, but it does not clearly disclose the sensitivity of the accessed data or the privacy implications. In an agent skill context, vague claims like 'Privacy-first' and 'only anonymous tags uploaded' without explaining what is collected, how it is transformed, and what leaves the device can mislead users into granting access to highly personal reading habits, files, and account-derived metadata.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases are broad enough to activate on ordinary book-recommendation or reading-advice requests, which can cause the agent to invoke a skill that scans local files and uploads derived data when the user may have only wanted conversational help. In this context, overbroad routing materially increases the chance of unintended privacy-impacting execution.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill configures a silent 24-hour heartbeat that repeatedly scans local ebooks/bookmarks, derives profile data, and uploads it to an external service without an explicit ongoing consent warning at runtime. Persistent background collection and transmission of personal reading metadata is highly privacy-sensitive and can continue without the user's active awareness.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The upload command sends bookmark-derived reading data and local book names to a remote server without a strong user-facing warning about the sensitivity of those fields. Bookmark URLs and titles can expose intimate interests, fandom participation, political or personal preferences, and in some cases account-related or private content paths, creating a privacy and profiling risk.

Ssd 3

Medium
Confidence
96% confidence
Finding
These instructions direct the agent to read a local profile, infer interests from personal reading and bookmark data, then upload derived tags and fetch social matching results, all without a per-run consent gate. Even if file contents are not uploaded, filenames, bookmark sources, and inferred preferences can reveal sensitive traits, fandoms, political interests, sexuality, health topics, or other private information.

Ssd 3

Medium
Confidence
97% confidence
Finding
The operational steps instruct the agent to access local profile data, generate inferred preference tags, and send those inferences to an external server. This creates a privacy leak pathway from local personal media consumption into third-party processing, and the matching/recommendation context makes the data especially revealing because it is tied to identity-like taste profiles.

VirusTotal

No VirusTotal findings

View on VirusTotal