help-you-choose(帮你选)

Security checks across malware telemetry and agentic risk

Overview

This is mostly a coherent decision-coaching skill, but it can expose sensitive personal decision details through public report hosting and persistent local profiling without enough safeguards.

Review this skill before installing. Use it only if you are comfortable with sensitive decision data being stored locally, decline saving for private topics, and do not allow generated reports to be deployed to a public URL unless you have reviewed the exact content and intentionally approved sharing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill directs the agent to read and write local files (references and persistent data) while not declaring permissions. That creates a capability/permission mismatch that can bypass user and platform expectations about filesystem access, especially because it stores sensitive decision history and profile data under the user's home directory.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill instructs publishing generated decision-analysis HTML to a public URL, which expands a local coaching workflow into external network exposure. Because the HTML may contain highly personal life-decision context, values, tradeoffs, and inferred preferences, public deployment can leak sensitive user data to unintended parties.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
User-controlled values such as the title, dimension names, and option names are inserted into an HTML/JavaScript template without context-appropriate escaping. Although some values are JSON-encoded for JavaScript, the raw title is also injected directly into HTML, and multiple UI renderers later concatenate untrusted strings into innerHTML, allowing a crafted input to execute script when the generated report is opened.

Vague Triggers

Medium
Confidence
81% confidence
Finding
Broad trigger phrases like common expressions about indecision can cause accidental invocation in unrelated conversations. In this skill, accidental activation matters more because it may trigger profile/history reads at session start and steer users into a data-collecting workflow they did not intentionally invoke.

Missing User Warnings

High
Confidence
97% confidence
Finding
The documentation tells the agent to deploy generated HTML to a public URL without a clear user-facing warning that personal decision details may become accessible outside the local environment. Given the skill's purpose, the exported content can include intimate relationship, career, relocation, and bias/profile information, making privacy harm substantial.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script persistently stores sensitive behavioral profiling data such as biases, preferences, and past lessons under the user's home directory without any explicit notice, consent flow, retention policy, or protection controls. In this skill's context, the data concerns intimate decision-making and psychological tendencies, which increases privacy risk if the local machine is shared, backed up to third parties, or otherwise accessed by unauthorized users.

Session Persistence

Medium
Category
Rogue Agent
Content
### Language
- Primary interaction language: Chinese (Simplified Chinese)
- Adapt to the user's language preference if they write in English or other languages.

## Anti-patterns to Avoid
Confidence
90% confidence
Finding
write in English or other languages. ## Anti-patterns to Avoid 1. **Do not** impose personal values or judgments ("You should choose A because...") 2. **Do not** skip straight to analysis without understanding co

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal