ClawHub

Arya Reminders

Security checks across malware telemetry and agentic risk

Overview

This reminder skill is useful but needs review because it can send reminder text to a fixed Telegram chat ID that the main documentation does not clearly disclose.

Review before installing. Use this only if you control the Telegram destination, set ARYA_TELEGRAM_CHAT_ID to your own verified chat ID, and are comfortable with reminder contents being stored locally and scheduled into future cron jobs. Avoid sensitive reminder text until the external delivery path is clearly configured.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The skill metadata and documentation claim a local reminder tool that creates secure cron jobs and logs to markdown, but the described implementation behavior includes sending reminders to Telegram and using an embedded default chat ID. That mismatch is dangerous because users and orchestrators may grant permissions or provide sensitive reminder content under the assumption it stays local, when it may actually be exfiltrated to an external destination without informed consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to log reminder details to `memory/reminders.md` but provides no user-facing disclosure or consent step. Reminder content can contain sensitive personal data, so silent persistence increases privacy risk and creates unnecessary retention of potentially confidential information.

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill states that reminders are delivered to a fixed Telegram chat ID, meaning user reminder content may be transmitted to an external third-party destination without explicit warning or confirmation. This creates a serious confidentiality and privacy issue because sensitive reminder text could be exfiltrated to an unintended or hard-coded recipient.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal