WhatPulse AI Agent Skill

Security checks across malware telemetry and agentic risk

Overview

This skill appears benign: it is a read-only WhatPulse database helper, but it can reveal private activity history if you use it.

Install only if you are comfortable with your agent reading and summarizing your WhatPulse history, including app usage, websites, input counts, and network patterns. Keep WHATPULSE_DB pointed at the intended database, avoid synced or shared storage unless it is private and access-controlled, and do not use the cron/cloud snapshot workflow on sensitive or managed systems without understanding where the copied database will persist.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Description-Behavior Mismatch

Medium (92% confidence)

The skill advertises local read-only access, but its database selection logic prioritizes an arbitrary path from WHATPULSE_DB, including synced or remote copies. That expands the trust boundary beyond the local WhatPulse installation and can cause the agent to access unexpectedly sensitive data from another location or user context without clear disclosure.

Context-Inappropriate Capability

Medium (95% confidence)

The remote/synced access section instructs users to create database snapshots and scheduled sync jobs using sqlite3 .backup and cron, which goes beyond a read-only query skill into operational guidance that duplicates sensitive activity data. This increases exposure by creating extra copies of keystroke, app, website, and bandwidth history that may reside in cloud storage or shared folders.

Missing User Warnings

Medium (89% confidence)

The skill handles highly sensitive behavioral telemetry, including keystroke counts, application usage, website tracking, uptime, and network activity, but does not present a clear privacy warning before use. Users may not appreciate that natural-language questions can expose intimate work patterns, browsing habits, or other personal activity data.

Missing User Warnings

Medium (96% confidence)

The instructions for cloud-syncing or sharing database copies omit any warning that WhatPulse data contains sensitive personal activity history. Encouraging placement in Dropbox, OneDrive, iCloud, or other synced storage without discussing encryption, access control, or shared-account risks materially raises the chance of privacy compromise.

VirusTotal

66/66 vendors flagged this skill as clean.
