Sleep Story

Security checks across malware telemetry and agentic risk

Overview

This sleep-story skill is not malicious, but it needs Review because it combines health-adjacent sleep tracking with unrelated crypto and purchase capability tags.

Install only if you are comfortable with a sleep aid storing local preferences and sleep-related feedback. Do not grant crypto, wallet, payment, or purchase permissions to this skill, and avoid recording sensitive health details unless there is a clear way to review and delete the memory files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (44)

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding:
The integration document expands the skill from simple sleep-story generation into a persistent profiling and analytics system with feedback collection, data analysis, optimization, and long-term tracking. That creates a scope mismatch: users may reasonably expect one-off content generation, not ongoing behavioral profiling and cross-session data use, which increases privacy and trust risk.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding:
The documented data structure includes cross-session memory for story preferences and sleep-effectiveness metrics such as average sleep time and trends, but this capability is not reflected in the stated skill purpose. Storing longitudinal sleep-related and preference data without clear disclosure can surprise users and materially increases privacy sensitivity.

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding:
The document proposes A/B testing, control-style validation, and optimization loops for a sleep-story skill without explaining why experimentation on users is necessary or how consent is obtained. In this context, users may be unknowingly subjected to behavioral experiments that alter emotional or sleep-related content, creating ethical and privacy concerns beyond the core function.

Context-Inappropriate Capability

Severity: High
Confidence: 97%
Finding:
The planned 'cross-user learning (anonymous)' capability extends processing from single-user personalization to aggregate learning across users, which is a major expansion of data use beyond a simple story-generation skill. Even if labeled anonymous, aggregation and model learning from user sleep and preference signals can still create re-identification, secondary-use, and consent risks if not carefully governed.

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding:
The document explicitly expands the skill from generating soothing stories into a 'scientific hypnosis/sleep-induction system' with techniques such as direct suggestion, consciousness blurring, and double-bind guidance. That is a meaningful scope change from passive content generation to behavioral influence, and it increases safety risk because users may not expect active hypnotic manipulation from a sleep-story skill.

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding:
The five-stage flow is described as a hypnosis induction pipeline, culminating in direct suggestion and sleep anchoring rather than ordinary creative storytelling. In this context, the structured progression makes the persuasive effect more deliberate and repeatable, which raises the risk of undisclosed psychological manipulation beyond the declared purpose of the skill.

Context-Inappropriate Capability

Severity: Low
Confidence: 86%
Finding:
The optimization guidance recommends checking and updating a history file with user preferences and related sleep-story data, even though persistence is not necessary for one-off story generation. Collecting and retaining this data without a clear necessity, minimization policy, or consent model introduces avoidable privacy risk and broadens the skill beyond its stated function.

Context-Inappropriate Capability

Severity: Low
Confidence: 91%
Finding:
The document directs operators to record user sleep time, preferred story types, and which techniques were most effective, creating a behavioral profile tied to mental state and response to influence techniques. In a sleep and anxiety context, this is more sensitive than generic preference storage, and it can be misused for profiling or increasingly targeted psychological steering.

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding:
The skill expands from simple sleep-story generation into persistent personalization, cross-session memory, feedback collection, and optimization workflows that are not necessary for the stated purpose. This creates undisclosed data handling and behavioral profiling risk, especially because the capability is framed as automatic and ongoing rather than explicitly user-consented.

Description-Behavior Mismatch

Severity: Medium
Confidence: 98%
Finding:
The skill explicitly instructs reading and writing persistent memory files containing story history and possibly user-linked preferences, but this storage behavior is not disclosed in the manifest description. Hidden persistence increases privacy risk because users may assume a one-shot creative skill while the implementation retains interaction history across sessions.

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding:
A/B testing and data-driven experimentation are unrelated to the core function of producing a bedtime story and imply comparative behavioral optimization on users. In the context of a psychologically suggestive sleep skill, experimentation without clear notice or consent can expose users to undisclosed manipulation or profiling.

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding:
The file designs a full feedback, retention, and analytics system that goes far beyond generating bedtime stories, including persistent data collection, profiling, optimization, and operational reporting. In the context of a narrowly scoped sleep-story skill, this is dangerous because it expands the skill into behavioral tracking and user analytics without clear necessity, consent boundaries, or minimization.

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding:
The design includes multi-week and multi-month sleep-effect tracking, baseline comparisons, and experimental validation that amount to longitudinal monitoring of health-adjacent behavior. For a story-writing skill, this creates unnecessary sensitivity and risk because it encourages collection and analysis of sleep-related personal data beyond what is needed to produce a story.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
A/B testing, retention measurement, and re-engagement optimization are growth and experimentation features that are not necessary for delivering a single sleep story. In this context, they increase risk by enabling covert experimentation on user behavior and encouraging additional data collection and nudging without explicit informed consent.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding:
The file clearly expands the skill from simple sleep-story generation into a persistent profiling system that stores user preferences, sleep outcomes, and optimization data over time. For a sleep aid skill, this is a meaningful scope expansion because it introduces behavioral tracking not reflected in the stated purpose, increasing privacy risk and the chance of undisclosed data retention.

Description-Behavior Mismatch

Severity: Medium
Confidence: 97%
Finding:
This section proposes collecting longitudinal sleep and behavioral feedback such as time-to-sleep and next-morning outcomes, which goes beyond one-off story generation into ongoing user monitoring. Because sleep-related patterns can reveal sensitive health-adjacent information, collecting them without strong justification and disclosure raises significant privacy and misuse concerns.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding:
The proposal for cross-user pattern learning is a real privacy risk in the design because it extends data use beyond the individual user's own personalization. In the context of a sleep-story skill, this secondary use is not necessary to fulfill the core function and can enable aggregation and repurposing of sensitive preference and sleep-effectiveness data.

Context-Inappropriate Capability

Severity: High
Confidence: 92%
Finding:
User community sharing is outside the declared purpose of generating sleep stories and introduces new exposure pathways for personal preferences, habits, and potentially sensitive sleep-related experiences. Even if described as a future ecosystem feature, it creates a pathway for oversharing and function creep that is inappropriate for this skill context without strict safeguards.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
This section explicitly describes persistent storage of user preference data and sleep-effectiveness metrics across sessions, but it provides no notice about consent, retention, access control, or sensitive-data handling. Because sleep patterns and psychological preference data can reveal health-related or intimate behavioral information, collecting and retaining it without clear safeguards creates a privacy and compliance risk.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The feedback-loop design calls for ongoing collection of user ratings, morning questionnaires, weekly feedback, and sleep-quality metrics, yet it omits any warning that this is behavioral and potentially health-adjacent data collection. In a sleep-assistance context, such tracking increases sensitivity because repeated measurements can build a detailed profile of a user's habits, emotional state, and possible sleep problems.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The file describes collecting detailed preference and sleep-effectiveness data, including ratings, sleep timing, and trends, but does not present any user-facing privacy notice, consent mechanism, or handling policy. Because sleep-related data can be sensitive, silent collection and storage increase the risk of inappropriate processing and user deception.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The introduction of cross-user learning from user data is not accompanied by any warning or explanation to users about aggregation, sharing, or secondary processing. That omission is risky because users may believe their data is used only to generate their own stories, not to inform broader models or datasets.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The document proposes collecting sensitive sleep and effectiveness information without any accompanying privacy notice, handling rules, retention limits, or security controls. Because the skill operates in a mental wellness and sleep context, omission of privacy safeguards materially increases the risk of inappropriate collection and exposure of sensitive personal data.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding:
The invocation examples are extremely broad everyday phrases like '我睡不着,能给我讲个故事吗' ("I can't sleep, can you tell me a story?") and '今天好累,想听点温暖的东西' ("I'm so tired today, I'd like to hear something warm"), which can cause the skill to trigger in unintended contexts. In an ambient assistant setting, this increases the chance of accidental activation and unsolicited delivery of psychologically suggestive sleep content when the user did not explicitly intend to invoke this skill.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The README describes collecting ongoing sleep-related feedback, preference profiles, trend analysis, long-term tracking, and history records, but does not provide any user-facing notice about consent, retention, deletion, or handling of potentially sensitive wellness data. Because sleep patterns and mental-state-adjacent feedback can be sensitive, undocumented collection and persistence creates privacy and compliance risk, especially when personalization and longitudinal analysis are advertised.

VirusTotal

VirusTotal findings are pending for this skill version.
