123skill-display-name1

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local learning logger with optional reminder hooks; it has privacy and persistence tradeoffs but no evidence of hidden exfiltration or destructive behavior.

Install only if you want local persistent learning notes. Prefer project-level hooks over global hooks, consider adding a matcher such as debug|error|fix, avoid enabling command-output detection in sensitive sessions, and review .learnings plus any promoted AGENTS.md, CLAUDE.md, SOUL.md, TOOLS.md, or MEMORY.md content before reusing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Medium (95% confidence)
Finding
The document states that hook scripts 'only output text' and 'don't modify files or run commands,' but the same file configures those scripts as command hooks and shows direct execution of another script. This is a dangerous trust signal because operators may grant broad hook access based on an inaccurate safety description, underestimating that arbitrary shell scripts execute with the agent's privileges.

Vague Triggers

Medium (88% confidence)
Finding
An empty hook matcher causes the activator hook to run on every user prompt, regardless of context. In practice this creates an always-on prompt injection/reminder path that can unnecessarily process sensitive prompts, widen the skill's influence, and make behavior harder to reason about or audit.

Vague Triggers

Medium (89% confidence)
Finding
The advanced configuration again uses an empty matcher for UserPromptSubmit, making activation global instead of targeted. Because this skill is designed to observe failures and corrections, broad activation increases the chance of collecting or reacting to irrelevant or sensitive session content.

Vague Triggers

Medium (90% confidence)
Finding
Using an empty matcher for UserPromptSubmit causes the hook to fire on every prompt, greatly expanding the exposure of all user inputs to the activator script. In a self-improvement skill, this increases the chance of collecting or propagating sensitive prompt content unnecessarily and makes any unsafe script behavior affect all sessions rather than narrow debugging cases.

Vague Triggers

High (95% confidence)
Finding
The user-level configuration installs the hook globally with an empty matcher, so it activates for all prompts across projects and sessions. This broad persistence amplifies risk because sensitive prompts from unrelated work can be exposed to the script, and a flawed or modified script becomes a cross-session data handling mechanism.

Vague Triggers

Medium (89% confidence)
Finding
The 'minimal setup' still uses an empty matcher, so although it reduces overhead, it does not reduce trigger scope. This means the script still processes every prompt, preserving the same broad data exposure and increasing the blast radius of any script defect or misuse.

Vague Triggers

Medium (90% confidence)
Finding
The Codex example repeats the empty matcher pattern, broadening hook execution to ordinary prompts in that environment as well. Reproducing insecure defaults across tools increases the chance that users copy-paste a high-exposure configuration without understanding its scope.

VirusTotal

65/65 vendors flagged this skill as clean.