Archon Brain

Security checks across malware telemetry and agentic risk

Overview

This Markdown-only personal management assistant is not malware, but it needs review because broad triggers can start workflows that read and change sensitive workspace notes.

Install only in a private workspace where you intentionally want this assistant to read and maintain management notes. Before using it broadly, narrow the triggers or require explicit Archon-prefixed commands, require confirmation before any profile or daily-log mutation, and replace the Sopaco-specific profile and boss context if this is not for that exact user.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Severity: Medium
Confidence: 93%
Finding:
The skill defines a global safety rule to propose profile changes before modifying profile files, but the coaching workflow overrides that by mandating a direct write to `profile/growth-areas.md`. This creates an integrity and consent issue: routine conversational coaching can silently mutate long-lived personal profile data, making later recommendations depend on unapproved or incorrect state.

Vague Triggers

Severity: High
Confidence: 95%
Finding:
The top-level trigger list includes very broad everyday words such as '今天' (today), '准备' (prepare), '总结' (summarize), and '选择' (choose), which can match ordinary conversation unrelated to the skill's intended workflows. In an AI IDE with filesystem access, accidental activation can cause unintended context loading, file creation, or file modification across sensitive workspace records.

Vague Triggers

Severity: High
Confidence: 97%
Finding:
Across the workflow definitions, many trigger phrases are ambiguous, short, and semantically common, so normal user dialogue may satisfy multiple workflows at once or the wrong workflow inadvertently. Because these workflows instruct the agent to read broad personal/org/project context and write persistent records, ambiguous routing increases the risk of unintended data access, unauthorized file writes, and cross-workflow state corruption.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The workflow-selection table uses very broad trigger phrases such as common words for daily summaries, meetings, reviews, and decisions. In an agent-routing context, this can cause unintended skill invocation during ordinary conversation, leading the agent to load unrelated sensitive context or perform file-writing workflows the user did not clearly request. The surrounding prompt increases risk because it explicitly instructs the agent to proactively read profile/history files and write records once a workflow is engaged.

VirusTotal

63/63 vendors flagged this skill as clean.