ClawHub

Life Scheduler

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed roleplay/persona utility that creates and injects fictional daily state, with no evidence of hidden code, exfiltration, or unrelated access.

Install only if you want a persona or companion agent to maintain fictional daily state. Review the cron schedule, whether HEARTBEAT.md should be injected into every conversation, whether recent chats should be referenced, and how long memory/life-history archives should be kept.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README states that the skill automatically reads SOUL.md and injects generated life-state content into conversation context, but it does not warn users that persona data and generated state will be processed and persisted as part of routine operation. This creates a transparency and privacy-consent issue: users may unknowingly expose sensitive persona or workspace content to automated prompt generation and context injection.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation says a cron job is automatically registered to generate daily state, but it does not clearly warn that the skill performs scheduled background actions that modify workspace state. Background automation can surprise users, consume tokens, and create or overwrite files without interactive confirmation, which is risky in an agent environment.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The skill advertises many broad trigger phrases and implies automatic use in ordinary conversation, which creates ambiguous activation boundaries. In a skill that reads persona files and persists state, unintended activation can cause silent file reads/writes or schedule changes when a user merely discusses related topics.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The documentation says users do not need specific commands and can use unrestricted natural language, making it easy for normal conversation to be misinterpreted as an instruction. Because the skill can rewrite HEARTBEAT.md, update configuration, and alter persistent persona state, ambiguous activation materially increases the risk of unintended actions.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The overview describes behavior that reads SOUL.md, IDENTITY.md, optional conversation history, and writes HEARTBEAT.md/history files, but does not present this as an explicit safety warning or consent point. Users may not realize the skill continuously ingests potentially sensitive context and persists generated state, which undermines informed consent and increases privacy and integrity risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Automatic cron registration is described as a default setup step, but the documentation does not clearly warn that scheduled tasks will continue modifying workspace files without per-run interaction. Persistent autonomous writes increase the chance of unnoticed state drift, accidental overwrites, and privacy issues if the generated files are later consumed by other agent components.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The manifest describes a very broad behavior set around persistent persona state, daily schedule generation, outfit, mood, and contextual injection, but it does not define clear activation boundaries or user-consent conditions. In an agent ecosystem, vague triggers increase the chance the skill activates unexpectedly and steers conversations or context in ways the user did not request, especially for companion or roleplay scenarios where behavioral influence is sensitive.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation explicitly states that the agent will read persona files, invoke an LLM, and write generated content back into the user's workspace configuration file, but it does not warn the user about overwrite behavior, prompt-derived content risks, or require confirmation before modifying files. In a skill that operates on persistent user files, silent writeback can lead to unintended data loss, unreviewed content injection, or accidental persistence of sensitive persona-derived information.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The document instructs users to inject HEARTBEAT.md into every conversation context without any privacy notice about what that file may contain or how broadly it will be exposed to downstream model calls. Because HEARTBEAT.md is generated from schedule, mood, history, and possibly persona-derived details, automatic inclusion materially increases the risk of persistent disclosure of sensitive behavioral or identity information across unrelated chats.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation describes automatic cron registration for daily generation and periodic file updates, but does not adequately warn that these actions continue in the background and will keep modifying workspace files over time. Persistent scheduled execution increases the blast radius of mistakes, can surprise users with recurring writes or data accumulation, and may cause ongoing privacy exposure through archived history and refreshed context files.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal