Wine Archive

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent personal wine archive with local storage and optional Telegram/LLM features, but users should treat exports, deletes, and external integrations carefully.

Install only if you want a local wine archive and are comfortable managing the privacy of tasting history, purchase locations, notes, and label photos. Keep LLM intent classification off unless you accept sending relevant text to the configured provider, use Telegram sending only for labels you intend to share, store image-inclusive exports securely, and double-check record IDs before using remove.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README documents a Telegram bridge and optional LLM intent classification, but it does not clearly warn users that wine archive contents, queries, and possibly label-derived text may be sent to third-party services when those features are used. Because this skill handles personal consumption history and images, users may unknowingly expose sensitive personal data to external providers, creating a real privacy and data-governance risk.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill documents a destructive delete operation (`wine:remove -- --id 42`) but provides no guidance to require confirmation, preview the target entry, or support recovery. In a chat-driven or agent-mediated workflow, this increases the chance of accidental or mistaken deletion of personal archive data, especially if an ID is inferred incorrectly or the user request is ambiguous.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The export/import and Telegram bridge sections describe moving archive data and label images outside the local store without warning about privacy exposure, third-party transmission, or sensitive metadata leakage. Because the archive contains personal consumption history, purchase locations, dates, notes, and images, users may unintentionally disclose private information when exporting with embedded images or sending media through Telegram/OpenClaw.

Missing User Warnings

Medium
Confidence
79% confidence
Finding
The `remove` command performs irreversible deletion based only on a supplied ID and immediately executes `deleteWineEntry(...)` with no confirmation, dry-run, or undo. In an agent or automation context, a mistaken invocation, malformed argument, or prompt-influenced action can silently destroy user data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The code persistently stores full LLM prompts, responses, and errors to a local SQLite database by default. Even with partial redaction and truncation, prompts and model outputs commonly contain sensitive user data, credentials that do not match the regexes, proprietary content, or regulated data, so this creates a meaningful confidentiality and privacy risk if the host is shared, backed up, exfiltrated, or later inspected without user awareness.

VirusTotal

67/67 vendors flagged this skill as clean.
