Arya Reminders

Security checks across malware telemetry and agentic risk

Overview

This reminder skill's behavior is related to its stated purpose, but it needs review: it can send reminder text to a hardcoded Telegram chat even though its documentation says it does not use external APIs or outside IDs.

Review before installing. Use this only if Telegram delivery to chat ID 5028608085 is intended for you, or set ARYA_TELEGRAM_CHAT_ID to your own chat. Avoid sensitive reminder text unless you are comfortable with it being stored locally and delivered through Telegram.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill instructs the agent to persist reminder details to `memory/reminders.md` without any disclosure or consent flow. Reminder content can contain sensitive personal, medical, financial, or scheduling information, so silent local retention creates a privacy and data-minimization risk even if the primary task is only to schedule a reminder.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill notes that delivery goes to a fixed Telegram chat ID, but this is not surfaced as a user-facing warning in the skill description or workflow. That means user reminder contents may be transmitted to a specific external recipient/channel without informed consent, which is a significant confidentiality issue and more dangerous because reminders often include sensitive real-world plans and personal data.

Missing User Warnings

Medium
Confidence: 93%
Finding
The script sends user-provided reminder content and a chat identifier into a Telegram-targeted cron workflow by default, which can expose potentially sensitive reminders to an external messaging channel. In a reminders skill, this is more dangerous because reminder text often contains personal schedules, tasks, or secrets, and the hardcoded default chat ID increases the risk of unintended disclosure.

VirusTotal

64/64 vendors flagged this skill as clean.
