Security audit

Super Claw Local Knowledge

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local document knowledge-base workflow, but users should understand that converted documents and an index are kept locally for later retrieval.

Install only if you want a persistent local knowledge base. Treat uploaded documents as retained and searchable after conversion, review converted Markdown before deleting originals, and consider narrowing or skipping the optional proactive SOUL.md setup if you only want retrieval when explicitly requested.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (6)

Missing User Warnings

Medium
Confidence: 86%
Finding
The README explicitly instructs the agent to persist user-uploaded documents and a searchable index on local disk, but it does not mention retention limits, access controls, deletion procedures, or handling of sensitive content. In a knowledge-base skill, this creates a real confidentiality and privacy risk because users may upload proprietary or personal documents that remain stored and retrievable beyond the immediate task.

Vague Triggers

Medium
Confidence: 78%
Finding
The activation rule tells the agent to load this skill whenever it encounters 'uncertain or specialized knowledge,' which is broad enough to trigger retrieval in many normal conversations. In this skill's context, overbroad activation increases unnecessary access to locally stored documents and raises the chance of exposing unrelated sensitive material or relying on stale local content without a clear user need.

Missing User Warnings

Medium
Confidence: 95%
Finding
The README describes uploading documents and storing converted Markdown plus an index locally, but it does not clearly warn users that uploaded content will be persistently retained in the workspace knowledge base and index. This can lead users to provide sensitive documents under the assumption they are processed ephemerally, creating a confidentiality and privacy risk if secrets, personal data, or proprietary information are later retrievable by the agent or other local users/processes.

Vague Triggers

Medium
Confidence: 90%
Finding
The invocation guidance is broad enough that the skill may activate whenever a user mentions documents or knowledge-related tasks, even when narrower or safer handling would be more appropriate. In a skill that reads, converts, and stores local files, overbroad activation increases the chance of unintended file processing, unnecessary data ingestion, and privacy-sensitive knowledge base updates without clear user intent.

Missing User Warnings

Medium
Confidence: 95%
Finding
The document instructs deletion of original uploaded files after conversion, but it does not require user confirmation, backup retention, or verification that the converted Markdown fully preserves the source content. In a knowledge-ingestion workflow handling user-provided documents, this creates a real risk of irreversible data loss if conversion is incomplete, corrupted, or mis-indexed.

Natural-Language Policy Violations

Medium
Confidence: 84%
Finding
The requirement to always use Chinese filenames and Chinese summaries imposes an unnecessary language transformation on all ingested content without user choice. In this skill context, that can cause mislabeling, reduced accessibility, and retrieval errors for non-Chinese users or multilingual datasets, weakening integrity and usability of the knowledge base.

VirusTotal

62/62 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.