大学生效率管家

Security checks across malware telemetry and agentic risk

Overview

This is a coherent student planning assistant that stores school schedule and plan data locally as disclosed, with no evidence of hidden access, exfiltration, or destructive behavior.

Install only if you are comfortable storing course times, locations, exams, study plans, and exercise plans in local files under memory/student. Avoid entering information you would not want other local tools or users with filesystem access to see, and clear those files when you no longer need the planner.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding
The skill instructs the agent to read and write user data under `memory/student/` but does not declare any permissions. Hidden or undeclared file capabilities weaken security review, user consent, and sandbox policy enforcement, especially because the skill persists sensitive student schedule, exam, and preference data.

Vague Triggers

Medium
Confidence: 81%
Finding
The trigger conditions include broad everyday keywords such as `课表`, `复习`, `自习`, `运动`, and `空教室`, which can cause accidental invocation during ordinary conversation. Because this skill performs file reads/writes and planning actions, unintended triggering could expose stored personal data or modify plans without clear user intent.

Missing User Warnings

Medium
Confidence: 92%
Finding
The script persistently stores sensitive student-related data, including exam schedules and generated review plans, under a shared memory directory without any notice, consent flow, retention control, or access restriction. In a personal-assistant skill context, this can expose behavioral, academic, and scheduling data to other components or future sessions unexpectedly, creating a real privacy and data-handling risk even though it is not an exploit primitive by itself.

VirusTotal

VirusTotal findings are pending for this skill version.
