绿灵

Security checks across malware telemetry and agentic risk

Overview

This plant-care skill is not malicious, but it uses very broad activation plus automatic local records, scheduled reminders, and IMA syncing in ways users should review first.

Install only if you are comfortable with a plant-care assistant creating local memory files, scheduled reminders, and IMA knowledge-base records. Before use, review or constrain activation so unrelated prompts do not trigger onboarding, and confirm where plant notes, city, schedule, and household environment details will be stored or synced.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

High
Confidence: 97%
Finding
The skill explicitly declares that when unconfigured, any user input should trigger the onboarding flow and override the current conversation. This creates an overly broad interception rule that can hijack unrelated conversations, suppress user intent, and cause the agent to ignore safer or more appropriate skills and instructions.

Vague Triggers

Medium
Confidence: 85%
Finding
The passive trigger includes vague phrases like '帮我看看', which are common in many unrelated conversations and can spuriously activate the skill. Ambiguous triggers increase the chance of context takeover, causing the assistant to answer as the wrong skill and potentially mishandle user data or workflow actions.

Vague Triggers

Medium
Confidence: 88%
Finding
The semantic trigger examples for adding plants are open-ended ('新买了一盆', '又搞了一盆') and lack explicit plant-context constraints. In a multi-skill agent, broad semantic matching can misfire on unrelated shopping or household discussion and route execution into file-writing and reminder setup flows unintentionally.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill instructs automatic appends to local draft files and scheduled deletion after merge, but does not clearly warn the user that persistent local files will be created and later removed. Silent writes and deletions can violate user expectations, create audit gaps, and be abused if the skill is triggered accidentally through its broad activation rules.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill automatically syncs plant records from local memory into an external IMA knowledge base without a clear privacy or data-transfer disclosure. Even if the data seems low sensitivity, it can include location, schedules, notes, and household context, and transferring it silently to a third-party system increases privacy and consent risk.

VirusTotal

64/64 vendors flagged this skill as clean.
