Proactive Agent

Security checks across malware telemetry and agentic risk

Overview

The skill is not malicious, but it asks the agent to build persistent cross-session memory about the user without clear limits or deletion controls.

Install only if you are comfortable with the agent keeping durable notes about your tasks, preferences, patterns, and prior interactions. Avoid using it with sensitive projects unless you add strict rules for what may be stored, where it is stored, and when memory must be reviewed or deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch (Medium severity, 94% confidence)

Finding: The document defines persistent, cross-session storage of user preferences, behavioral patterns, lessons, and archives, which exceeds the stated purpose of merely reporting task progress and escalating for help. This creates a user profiling capability and expands retention of potentially sensitive behavioral data without clear necessity, scope limits, consent, retention controls, or minimization safeguards.

Context-Inappropriate Capability (Medium severity, 91% confidence)

Finding: The documented cross-session profiling and archival memory are not clearly justified by the skill's described function of proactive progress reporting. When a skill keeps longitudinal records about workflows, decision-making, and recurring needs without a strong functional need, it increases privacy risk, enables unnecessary inference about the user, and broadens the consequences of misuse or compromise.

Missing User Warnings (Medium severity, 90% confidence)

Finding: The skill explicitly instructs the agent to write error and self-reflection records into persistent paths such as `memory/lessons/` or `.learnings/ERRORS.md` without any user consent, scope limitation, or warning about persistence. This can cause unintended storage of sensitive task details, internal reasoning summaries, or user-related context in long-lived memory, creating privacy, integrity, and data-retention risks.

Missing User Warnings (Medium severity, 90% confidence)

Finding: The cross-skill collaboration guidance tells the agent to write collaboration information to `memory/` to preserve continuity across sessions, but it does not disclose the persistence implications or impose any data-classification boundaries. In practice, this can lead to silent accumulation of user data, task context, or other agents' outputs in shared storage, increasing the chance of privacy leakage, contamination of future sessions, and unauthorized reuse of prior context.

Missing User Warnings (Medium severity, 92% confidence)

Finding: The guideline explicitly instructs the agent to persist user-related information into memory locations, but provides no requirement to disclose this behavior to users or obtain consent. In a proactive assistant context, silent storage of insights, lessons, and session state increases privacy risk because users may not expect ongoing retention or later reuse of their data.

VirusTotal

VirusTotal findings are pending for this skill version.