ClawHub

Brainstorming

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly transparent about its purpose, but it can automatically process recent private transcripts and create pending cards from broad triggers without an approval step before the processing happens.

Install only if you are comfortable with HiJavis scanning recent recordings or a dispatcher-selected completed unit to make brainstorming cards. Review the pending card before confirming, because Confirm copies a prompt intended for Claude and may lead Claude to pull the original transcript. Consider disabling the route or avoiding this skill for sensitive meetings, regulated data, or conversations where broad phrases like organizing thoughts should not trigger automation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The activation examples include very broad and natural-language phrases such as 'help me organize my thoughts on this,' which can cause the skill to trigger on ordinary conversation without clear user intent. In a system that scans recent recordings, ambiguous triggers increase the chance of unintended processing of sensitive voice-note or conversation content.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README states that HiJavis 'listens to your conversations and voice notes' and 'reads back through your recent recordings,' but it does not present this as a clear privacy warning at the point of use. Users may not realize that invoking the skill causes retrospective scanning of personal recordings, which creates a meaningful risk of unexpected collection and processing of sensitive data.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The auto-run route uses broad semantic matches like ideation, presentation/deck planning, and organize my thoughts, which can cause the skill to trigger on ordinary conversation that was not intended to create a pending card. Because the skill fetches recent transcripts and writes a to-do card without an approve-to-run gate, misclassification can result in unintended processing of sensitive transcript content and unsolicited card creation.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The invocation notes explain automatic execution and pending-card behavior deep in the document, but the top-level description and trigger guidance do not prominently warn that transcript data may be fetched and a card written automatically. This weak disclosure increases the chance that users or integrators misunderstand the privacy and automation behavior, especially since the dispatcher can run the skill without an approve-to-run card.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrase "brainstorm this" is generic and likely to appear in normal conversation, which can cause unintended skill activation. In this skill’s context, the description explicitly says it can auto-run via a session dispatcher and create a pending to-do card without an approve-to-run step, increasing the chance of accidental invocation and unauthorized task creation from ambient or unrelated speech.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The route's match list contains broad natural-language phrases such as 'help me organize my thoughts' and 'turn this into a brief,' which can cause over-triggering on ordinary transcripts unrelated to explicit brainstorming intent. That can lead to unexpected routing, unnecessary transcript processing, and unsolicited to-do card generation, increasing the chance of privacy-invasive or confusing automation.

Ssd 3

Medium
Confidence
90% confidence
Finding
The skill explicitly prepares a prompt that carries user context into a separate Claude interaction, creating a cross-system data transfer path for potentially sensitive transcript content. Even though the handoff is user-mediated via clipboard, the design encourages moving conversation-derived data into another model session where retention, access controls, or user expectations may differ.

Ssd 3

Medium
Confidence
94% confidence
Finding
This section more explicitly instructs that the hand-off prompt tells Claude to pull the user's original transcript and use prior context, which can amplify privacy exposure beyond a simple summary. Because the workflow is designed to preserve and transmit rich conversational context, it increases the risk of disclosing private or regulated information to a second model environment without sufficient review or consent controls.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal