Interpersonal Knowledge Layer

Security checks across malware telemetry and agentic risk

Overview

This privacy-focused skill is coherent, but it handles very sensitive personal data with broad triggers, permissive defaults, and local plaintext storage that users should review carefully.

Review before installing. Use this only if you are comfortable keeping local files that may contain sensitive personal information. Populate knowledge.json minimally, review or zero out the default permission matrix before use, avoid storing bank details or medical history unless necessary, and do not assume the permission gate is technically isolated unless you add real access controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 81%
Finding
The skill's trigger description is very broad and covers common situations like incoming information requests, agent-to-agent communication, and group messages. That makes accidental invocation plausible, which is risky here because the skill governs disclosure of sensitive personal information; invoking it in the wrong context could cause misclassification, unnecessary processing of personal data, or inconsistent permission handling.

Missing User Warnings

Medium
Confidence: 87%
Finding
The script initializes a privacy-policy system with predefined categories for highly sensitive data such as health, financial, location, and relationship information, and assigns nonzero default disclosure levels for several relationship types without any explicit user consent, warning, or review step. In the context of an agent skill whose purpose is to govern disclosure of personal information, these defaults can normalize over-sharing and lead to accidental disclosure of sensitive user data if the files are later used as-is.

VirusTotal

65/65 vendors flagged this skill as clean.
