ClawHub

stealth-break

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed macOS wellness reminder skill with persistent cron-based reminders, but no hidden payload, credential access, exfiltration, or destructive behavior was found.

Install only if you want macOS health notifications and are comfortable with user-level cron reminders. Before enabling reminders, ask the agent to show the exact cron command and schedule, confirm it explicitly, and make sure you know how to list and remove the cron entries later.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to create persistent cron jobs for reminders, which grants ongoing system-level execution beyond a simple conversational wellness skill. Persistence increases risk because a mis-triggered or modified skill could leave unattended scheduled tasks on the host, creating a foothold for repeated command execution or nuisance activity.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill directs execution of shell commands via exec and osascript, which is a stronger capability than the high-level description of giving break suggestions requires. Even though the shown command is a notification example, normalizing arbitrary command execution in skill logic expands the attack surface and could be repurposed for unintended local actions.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README states that the skill will automatically create cron scheduled tasks and send macOS system notifications, but it does not clearly warn the user that installation modifies persistent system scheduling. Automatic persistence mechanisms can surprise users, expand attack surface, and normalize background system changes without informed consent.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The activation conditions are broad and based on common phrases about fatigue or stress, which can cause the skill to trigger in contexts the user did not explicitly intend. In a skill that can set reminders and run commands, overly broad triggering increases the chance of unauthorized or surprising actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal