Memoir Making (回忆录制作)

Security checks across malware telemetry and agentic risk

Overview

This is a local oral-history helper that saves interview notes on disk, with privacy considerations but no evidence of hidden access, exfiltration, or unsafe behavior.

Install only if you are comfortable storing interview material locally in ./father_stories. Get consent from the person being interviewed, review stories before sharing or turning them into public scripts, and delete or protect the folder if it contains sensitive family details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence: 91%
Finding
The invocation phrase is broad and naturalistic, which increases the chance the skill activates in unintended contexts whenever a user asks for help interviewing a parent about historical topics. In an agent ecosystem, overbroad triggering can cause accidental routing, surprising behavior, or unauthorized use of this skill’s prompting style and data-handling flow without clear user intent.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill persists raw oral-history content and tags to local disk without any notice, consent flow, retention limit, or access control. Because the content concerns identifiable family memories and potentially sensitive personal history, silent storage increases privacy risk and can expose intimate data to other local users, backups, or later unintended reuse.

Ssd 3

Medium
Confidence: 95%
Finding
The skill is explicitly designed to collect a family member's raw oral-history content and store it as a reusable material library, yet it includes no privacy boundaries, minimization rules, redaction, retention policy, or consent safeguards. In this context, the data is likely personal and potentially sensitive, so unrestricted accumulation and reuse materially increases privacy harm and the chance of secondary misuse.

VirusTotal

66/66 vendors flagged this skill as clean.
