Research Idea

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed business-idea research helper that starts a user-triggered background session, searches the web, saves a local research file, and returns results to the current chat.

Install if you are comfortable with user-triggered background research sessions, web searches about the idea, local storage under `~/clawd/ideas/`, and results being returned to the active chat. Use a private chat for confidential ideas and delete generated sessions or files when they are no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 88% confidence
Finding: The template explicitly instructs the agent to create a directory and write a research file under `~/clawd/ideas/{IDEA_SLUG}/research.md` without any user-facing disclosure or confirmation. Although this appears intended for normal skill operation rather than abuse, it still causes persistent local filesystem writes based on user-provided idea data, which can surprise users and may create privacy, storage, or path-handling risks if not clearly bounded.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal