ClawHub

moyu-journal-auto

Security checks across malware telemetry and agentic risk

Overview

This is a playful local journaling skill, but it can persist sensitive work-behavior logs and infer activity from chat, browser history, and calendar data with weak consent and retention controls.

Install only if you are comfortable creating a durable local record of potentially sensitive workplace and personal activity. Keep browser-history, calendar, and broad chat-history access disabled unless you explicitly need them, and check the ~/.openclaw/moyu-journal/ folder regularly so you can review or delete stored entries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases are common conversational expressions like “今天摸鱼了” and “摸鱼日记,” which can be invoked during ordinary chat without clear scope boundaries. In an agent environment, broad triggers increase the chance of accidental activation, causing unintended journaling, file writes, or generation of deceptive work-log content.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README asks users to enable filesystem access and mentions local storage, but it does not clearly foreground that persistent personal journal data will be created and retained on disk. Users may grant broad file permissions without understanding that sensitive behavioral records, complaints, and disguised work logs will be written locally and could later be exposed to other local processes or users.

Missing User Warnings

High
Confidence
96% confidence
Finding
The optional browser-history access is especially sensitive because browsing history can reveal personal interests, health concerns, finances, work activity, and account-related metadata. Describing it as a way to infer '摸鱼活动' without a strong privacy warning or data-minimization statement creates a substantial risk of overcollection and misuse of highly sensitive user activity data.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger rules are broad enough to activate on ordinary conversation mentioning 摸鱼/划水/刷手机, and they also instruct the agent to proactively check at the end of the day. That can cause unintended invocation and subsequent file writes or retrospective analysis of chat history without a sufficiently explicit, per-use confirmation.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill performs or proposes sensitive actions—writing persistent local files and reviewing chat history, browser history, and calendar events—but the user-facing description does not clearly warn about this data collection and retention. Users may invoke a seemingly humorous journaling tool without understanding that it can inspect other personal data sources and store free-text notes on disk.

Ssd 3

Medium
Confidence
98% confidence
Finding
The instructions explicitly tell the agent to review conversation history, browser history, and calendar data to infer activities and include them in summaries and rankings. This creates a real privacy risk because the skill can aggregate unrelated personal data into outputs, potentially surfacing sensitive habits, appointments, or prior conversations that the user did not intend to include in a joke journal.

Ssd 3

Medium
Confidence
96% confidence
Finding
The skill instructs persistent storage of timestamped sessions and free-text notes in local files under a fixed path. Even if stored locally, these logs can accumulate sensitive behavioral and workplace information, and the free-text note field may capture far more personal data than necessary.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal