deaiify

Security checks across malware telemetry and agentic risk

Overview

This plugin does what it says: it rewrites assistant replies to remove en and em dashes, with disclosed model reuse and temporary local storage.

Install only if you want assistant replies automatically checked and sometimes rewritten before delivery. Avoid or disable it for conversations where exact wording, legal/compliance text, secrets, or highly sensitive content should not pass through an additional configured model rewrite step.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The plugin creates a per-run JSONL session file for the embedded rewrite agent even though its stated purpose is only to remove banned dash characters from outbound text. That means potentially sensitive model output is written to disk in a temp location, expanding the data exposure surface through local disclosure, forensic recovery, misconfigured temp directory permissions, or crashes before cleanup completes.

Natural-Language Policy Violations

Medium
Confidence: 93%
Finding
The skill explicitly enforces a universal output-style policy on all assistant replies before delivery, regardless of user preference or task context. Because it intercepts outbound messages and rewrites them through an embedded LLM, it can alter content fidelity, override user/system intent, and create an unbounded post-processing step that users did not opt into.

Missing User Warnings

Medium
Confidence: 93%
Finding
The plugin forwards the full outbound reply text to an embedded agent for rewriting without any user-facing disclosure or consent mechanism. Even if this is an internal runtime component rather than a third-party service, it still creates an additional processing hop for potentially sensitive content and changes the trust boundary of message handling in a way users may not expect.

VirusTotal

1/66 vendors flagged this skill as malicious, and 65/66 flagged it as clean.
