The Semantic Translation Bridge

Security checks across malware telemetry and agentic risk

Overview

This skill is a local smart-home scene parser demo that writes small local mock files and a SQLite log, with no evidence of hidden network access, device control, exfiltration, or destructive behavior.

Install only if you are comfortable with a demo script creating local S2 data folders and a SQLite database wherever it is run. Treat the hotel roaming, surveillance, and physical-control language as conceptual unless you add explicit authorization, consent, device allowlists, safety limits, and cleanup/retention controls before connecting it to real automation systems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding
The code path for option 2 does more than select a different location: it explicitly declares that a temporary hotel agent is subordinated to the avatar and proceeds to generate execution tracks and persistent mandates for that external environment. In a skill that appears to orchestrate physical-space automation, this creates an authorization and trust-boundary problem because control over an external agent is assumed without any verification, consent check, or policy enforcement.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The whitepaper explicitly proposes transferring a user's personalized 'Avatar' preferences across sites into hotel environments, but it provides no consent model, data minimization rules, retention limits, tenant isolation, or trust boundary controls. In a smart-space context, these preferences can reveal intimate behavioral patterns, routines, health-related settings, and privacy expectations, creating a real cross-context privacy and security risk rather than a purely theoretical concern.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The document replaces deterministic button-to-device mappings with broad natural-language scene payloads interpreted by an AI orchestrator, without defining strict schemas, safety constraints, or forbidden actions. In a physical environment, this ambiguity can lead to overbroad actuation of security sensors, HVAC, power relays, surveillance, or other devices in ways the user did not intend, increasing the risk of unsafe or privacy-invasive behavior.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The document explicitly proposes activating visual tracking and security sensors in response to routine scene triggers without any notice, consent flow, retention limits, or privacy controls. In a smart-space context, this can normalize covert occupant monitoring and create real privacy and surveillance risk, especially because these behaviors are framed as default automation rather than exceptional security features.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The hotel personalization section describes transferring a user's stored habits and preferences across locations, effectively enabling cross-property behavioral profiling without any warning or governance language. This is dangerous because it implies identity-linked preference roaming into third-party environments, which can expose sensitive behavioral patterns, create unauthorized data sharing, and increase the blast radius of any compromise.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The skill describes broad autonomous interception and routing of user actions across multiple subsystems without clearly defining invocation boundaries, trigger conditions, or exclusions. In an agent environment, ambiguous scope can cause overbroad activation or unintended execution paths, especially when paired with claims of reading habit files, topology data, and writing state to other stores.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The documentation states the skill may automatically generate mock topologies, databases, and habit files on the user's hard drive as a self-healing mechanism, but does not present this as a prominent, explicit side effect requiring consent. Silent local file and database creation is risky because it can violate user expectations, create unwanted persistence, and potentially expose sensitive data if written to insecure locations.

VirusTotal

64/64 vendors flagged this skill as clean.