ClawHub

Ghost Catalog - Semantic File Organization

Security checks across malware telemetry and agentic risk

Overview

This is a local project file-cataloging skill that can scan files and add catalog headers, with no evidence of hidden network access, credential use, or destructive behavior.

Install this only if you want a local catalog of project files. Before using scan or tag, make sure .ghost_ignore or .gitignore excludes secrets, private documents, generated files, and dependencies; review previews and source-control diffs before applying headers to multiple files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The auto-invocation guidance uses very broad trigger phrases like asking what files are in a project or about organization, which can cause the skill to activate in situations where the user did not explicitly request cataloging. Because this skill can scan the workspace and also perform write-capable operations in normal use, overbroad invocation increases the chance of unintended file inspection or follow-on modification in response to ambiguous prompts.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill description and command guidance do not prominently warn that tagging prepends headers into user files and that catalog operations write metadata into a local SQLite database. Without a clear up-front disclosure, users may invoke the skill expecting analysis only, but instead cause persistent modifications to source files and creation or updating of local state, which is especially risky in source-controlled or sensitive workspaces.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal