Roundtable

Security checks across malware telemetry and agentic risk

Overview

Roundtable appears to do what it advertises: run a multi-agent council with web research and local session logs, with the main caution being that prompts and outputs can be saved locally.

Install only if you want multi-agent answers and are comfortable with extra model calls and web searches. Run setup and choose no logging for sensitive work, or review and delete files under memory/roundtable/ as needed. Avoid putting credentials, secrets, personal data, or proprietary material in prompts when logging or web research is enabled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Severity: Low
Confidence: 91%

Finding: The documentation states that full questions, round summaries, and final syntheses are persisted to memory/roundtable/, which materially expands the skill from transient debate to durable data retention. In a multi-agent skill that may process sensitive business, code, research, or personal content, this creates confidentiality and retention risk if users are unaware or logs are later accessed by other tools, agents, or users.

Missing User Warnings

Severity: Medium
Confidence: 96%

Finding: The session logging section says the skill stores the original question and model outputs, but it does not warn users that sensitive prompts, proprietary data, credentials, or personal information may be written to persistent storage. Because this skill is designed for complex decision-making and code/research review, users are likely to submit high-value confidential material, making silent persistence more dangerous in context.

Vague Triggers

Severity: Medium
Confidence: 95%

Finding: The skill can activate on broad natural-language phrases like 'ask the council' and 'get multiple perspectives', which may match ordinary conversation rather than an explicit command. In a skill that spawns multiple sub-agents, performs web searches, and may log outputs, accidental activation can trigger unnecessary external actions, cost, and possible data exposure from innocuous user text.

Missing User Warnings

Severity: Medium
Confidence: 93%

Finding: The skill instructs the agent to save the original question, agent outputs, synthesis, models, and timestamp to disk after each run, but the primary description does not prominently warn users that their content may be persisted. This creates a privacy and compliance risk because users may disclose sensitive data during normal use without realizing it will be retained in workspace memory.

Ssd 3

Severity: Medium
Confidence: 96%

Finding: These instructions explicitly retain the user's original question and conversation-derived agent content in persistent storage, which is a direct data retention risk in a multi-agent skill likely to process proprietary, personal, or confidential prompts. Because multiple agent summaries and synthesized conclusions are stored together, the log can concentrate sensitive information and increase the blast radius of any later workspace disclosure.

VirusTotal

64/64 vendors flagged this skill as clean.