Writing Triadic

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real writing assistant, but it automatically uses web research and builds persistent writing profiles without clear consent, retention, or deletion controls.

Install only if you are comfortable with the skill saving writing history, preferences, style fingerprints, feedback, and research notes across sessions. For sensitive resumes, business documents, internal reports, or personal writing, explicitly say not to search the web and consider using the documented local privacy mode; periodically inspect or remove the writing workspace, especially MEMORY.md and session folders.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (34)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill automatically performs external web research after requirement collection without requiring explicit user opt-in for each session. This can transmit user topics or sensitive context to external services and expands the skill's behavior beyond a local writing assistant into networked data handling.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The guide explicitly instructs storing detailed, sample-derived writing fingerprints, calibration history, and user confirmation data in MEMORY.md for ongoing reuse. Even if intended for personalization, this creates long-term behavioral profiling without any visible limits on retention, minimization, consent scope, or deletion, which increases privacy and misuse risk if the memory store is exposed or reused beyond the original task.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The document prescribes continuous cross-session drift tracking, behavioral comparison against prior writing, and update workflows for archived profiles. This expands the system from one-time style adaptation into ongoing monitoring of user behavior, which is more sensitive and harder to justify without strong purpose limitation and user controls.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README states that user preferences and corrections are automatically written to MEMORY.md, but it does not present a clear consent flow, retention policy, or deletion control. This creates a privacy and data-governance risk because users may disclose sensitive personal, professional, or stylistic information without understanding that it will persist across sessions.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The workflow says it will perform automatic online research and update a knowledge base, but it does not clearly warn users that their prompts or derived queries may be transmitted externally. This is dangerous because confidential drafting topics, internal project details, or personal information could be exposed to external services without informed consent.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README explicitly advertises 'Web research + knowledge base update' but does not warn users that prompts or document content may be transmitted to external services or stored for later reuse. In a writing skill, users may submit resumes, reviews, essays, business letters, or other sensitive text, so silent external research and persistence can expose private data beyond the current session.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The workflow says the skill reads a style evolution archive and later updates memory/statistics, but it gives no privacy notice, consent flow, or description of what user content is retained across sessions. Because writing requests commonly contain personal, professional, or confidential information, undisclosed memory features create a meaningful risk of over-collection and unintended reuse.

Vague Triggers

High
Confidence
97% confidence
Finding
The trigger conditions are extremely broad and match common words like 'write', 'article', and 'draft', causing the skill to activate in many ordinary conversations. Over-broad activation increases the chance of unexpectedly invoking persistent storage, multi-agent spawning, and network research when the user did not intend to use this framework.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill describes a persistent MEMORY.md used across sessions but does not clearly warn users that their writing preferences, corrections, and derived profile data will be stored and reused. This undermines informed consent and may lead to retention of sensitive or proprietary writing patterns without the user's awareness.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
Automatic web research is enabled with no prominent warning that the user's topic, platform, or related context may be sent to external search providers. If the topic is confidential, this can create unintended data exposure outside the local environment.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill automatically creates multiple local files for analysis, drafts, reviews, feedback, memory, and knowledge accumulation, but does not prominently disclose this filesystem behavior to users. Silent creation of detailed logs can expose sensitive business, personal, or creative content to other local users, tools, or backups.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The prompt instructs the agent to automatically read and later update a persistent user profile file (MEMORY.md) before and after writing sessions, but it provides no explicit consent, notice, or user control. This creates a privacy and data-governance risk because user preferences, correction history, and inferred traits may be persisted across sessions without the user's informed awareness.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill derives an 8-dimensional 'style fingerprint' from user writing samples and stores it in persistent memory without an explicit privacy warning or consent flow. A style fingerprint is behavioral biometric-like metadata that can enable profiling, cross-session linkage, or unintended inference about the user, making the collection more sensitive than ordinary transient prompt processing.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The prompt requires creating or updating session-state files and decision logs as part of workflow handoff, but it does not disclose that conversation metadata and workflow decisions will be recorded persistently. This can expose sensitive context, preferences, or interaction history beyond what the user reasonably expects from a writing assistant.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger list includes broad, everyday phrases such as '直接写' ("just write it") and '别问了直接写' ("stop asking, just write it"), which can appear in normal conversation without the user intending to opt into a reduced-safeguard workflow. That creates ambiguous mode switching and can bypass the fuller clarification process, increasing the chance of incorrect, non-consensual, or lower-quality outputs.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The rule '充分的上下文(≥40字...)' ("sufficient context (≥40 characters...)") is too vague to serve as a reliable consent signal for automatic activation. A user may provide detailed context for a normal request, but this protocol can silently switch them into a faster mode with fewer questions and weaker review, reducing safety and intent fidelity.

Vague Triggers

Medium
Confidence
95% confidence
Finding
Using prior MEMORY history to auto-activate instant mode allows past behavior to override present intent. This is dangerous because repeated historical patterns do not reliably indicate current consent, and the protocol may prematurely reduce interaction depth for requests that actually need clarification or stricter handling.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The protocol states that writing preferences and interaction data are automatically written into MEMORY.md, but it does not mention user notice, consent, retention limits, or deletion controls. This creates a privacy and data governance risk because potentially sensitive personal preferences and historical content can be retained without informed consent.

Natural-Language Policy Violations

Medium
Confidence
89% confidence
Finding
The guidance explicitly segments users by nationality/region ('Non-Chinese users') and recommends different providers based on that categorization without any opt-in, functional necessity, or neutral capability-based criterion. While this is documentation rather than executable logic, it can still normalize region-based differentiation and lead downstream implementers to apply unnecessary geographic profiling or discriminatory defaults.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The prompt explicitly says the Reader will receive and use user history/preferences data to judge drafts, including 'historical taboos'. That introduces privacy and profiling risk because sensitive preference data may be propagated to a sub-agent without any minimization, consent, retention, or user-facing notice, increasing the chance of oversharing personal behavioral context.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The module instructs the system to automatically update MEMORY.md after each writing session, creating persistent storage of user- and task-derived SEO profiles without any explicit consent, visibility, or retention controls. This can leak behavioral patterns, publishing history, and preference data across sessions, and it increases the risk of unintended data persistence or cross-task contamination.

Ssd 3

Medium
Confidence
97% confidence
Finding
Persistent collection and reuse of user preferences across sessions means the skill may accumulate a long-term behavioral profile, including dislikes, writing habits, and potentially sensitive contextual details. Without strict data minimization and consent controls, this increases the risk of privacy leakage, cross-session profiling, and unintended reuse of sensitive information in future outputs.

Ssd 3

Medium
Confidence
95% confidence
Finding
Instructing the system to immediately remember user corrections for future use implies ongoing retention of user-provided content and feedback without a clear approval step. User corrections may contain confidential edits, internal terminology, names, or policy guidance that should not be silently stored and replayed later.

Ssd 3

Medium
Confidence
94% confidence
Finding
Reading a user's stored style-evolution profile before each new request creates cross-session linkage and can expose prior preferences or sensitive context to future tasks where it is irrelevant. This makes the skill more dangerous because it normalizes background profiling and increases the chance of accidental leakage or inappropriate personalization across distinct writing contexts.

Ssd 3

Medium
Confidence
91% confidence
Finding
The feature description highlights extraction of preferences, corrections, style drift, adoption rate, vocabulary heatmaps, veto signals, and session state artifacts, which indicates persistent collection of behavioral and stylistic user data. Even if intended for personalization, retaining these signals can leak sensitive traits or prior content patterns and may influence future outputs in ways users do not expect.

VirusTotal

64/64 vendors flagged this skill as clean.
