Capability Growth

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended to analyze local agent logs, but it can recursively read and print sensitive log content under broad activation language without clear scoping or redaction.

Install only if you intentionally want an agent to analyze local session logs. Point it only at a narrow log folder you have reviewed, avoid directories containing secrets or personal notes, and treat its terminal or JSON output as sensitive because it may include excerpts from your logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 95%
Finding
The trigger keywords are very broad for an agent skill and include generic terms like "growth," "improvement," "performance," and "metrics" that are likely to appear in many unrelated conversations. This can cause unintended activation against arbitrary user content and lead the skill to scan or analyze log directories when the user did not explicitly intend to invoke it, increasing the risk of over-collection or privacy-impacting behavior.

Vague Triggers

Medium
Confidence: 91%
Finding
The natural-language activation examples (e.g. asking how the agent has grown this month or to show a capability trend) are ambiguous and do not clearly signal that local session logs will be accessed and analyzed. In an agent environment, such broad phrasing can trigger file-processing behavior from casual conversation, which is dangerous because the skill operates on potentially sensitive memory or workspace logs.

Missing User Warnings

Medium
Confidence: 91%
Finding
The script recursively traverses a user-supplied directory and reads matching .md/.txt/.log files, then later extracts and aggregates content from them. In a skill intended to analyze agent logs, this behavior is functional, but it still creates a real privacy/security risk because users may point it at directories containing unrelated sensitive notes, tokens, URLs, internal logs, or personal data, and there is no consent prompt, path restriction, or clear warning about ingestion scope.

Missing User Warnings

Medium
Confidence: 96%
Finding
The reporting functions print extracted wins, failures, skills, and summaries derived directly from log contents to stdout in both markdown and JSON modes. Although the code filters a few token/URL/hash patterns in extractWins, coverage is incomplete and failures are unfiltered, so sensitive operational details, credentials, internal endpoints, or personal information from logs can be exposed to terminal history, CI logs, or calling systems.

VirusTotal

66/66 vendors flagged this skill as clean.
