Soul Guardian

Security checks across malware telemetry and agentic risk

Overview

This looks like a local AI counseling skill, but it can automatically create and keep very sensitive mental-health records without a clear opt-in at the time of use.

Install only if you are comfortable with mental-health and family-relationship notes being stored in ~/.counselor on this machine. Prefer explicit /counselor use, avoid shared or synced devices, review or delete ~/.counselor regularly, and treat crisis guidance as support only, not a replacement for licensed professional or emergency help.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The README states that ordinary statements like '今天好烦,不想上班' ("I'm so fed up today, I don't want to go to work") or '跟家人吵架了' ("I had a fight with my family") may automatically trigger the counselor skill. This is risky because the skill is designed to persist highly sensitive mental-health content to local files, so users may disclose or store intimate data without explicit, informed activation.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Although the README mentions that data stays local, it does not prominently and explicitly warn that the tool persistently stores highly sensitive psychological profiles, session logs, safety assessments, and crisis-related notes on disk. For a mental-health skill, this omission can cause users to share extremely sensitive information without understanding the retention model or local exposure risks from other users, backups, or compromised devices.

Vague Triggers

High
Confidence
98% confidence
Finding
The skill is configured to trigger on extremely broad, everyday emotional or family-related language, which can route ordinary conversation into a sensitive counseling workflow without clear user intent. In this context, over-triggering is dangerous because the skill performs persistent memory operations and handles mental-health disclosures, increasing the chance of collecting and storing sensitive data unexpectedly.

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill instructs the agent to check for, create, and update local counseling records immediately, but does not require explicit upfront consent for persistent storage before those file operations occur. Because the data involves mental health, family conflict, and crisis disclosures, silent persistence materially increases privacy and confidentiality risk even if storage is 'local-only.'

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This template directs the creation of a persistent local dossier under ~/.counselor/ containing highly sensitive mental-health, family, crisis, and relationship information, but provides no consent flow, retention limits, access controls, minimization guidance, or privacy warning. In a counseling skill, these records are especially sensitive because they can expose crisis status, family dynamics, beliefs, and journal data if the host account, backups, logs, or shared machine are accessed by others.

Ssd 3

Medium
Confidence
99% confidence
Finding
The skill requires persistent logging, summarization, and archival of highly sensitive counseling disclosures in natural language, including emotions, family issues, safety risk status, and session observations. In a counseling context, this data is exceptionally sensitive, and long-term retention plus archival expands exposure, re-identification risk, and harm from local compromise or unauthorized access.

Ssd 3

Medium
Confidence
95% confidence
Finding
The design explicitly aims to make profiling feel invisible to the user while accumulating sensitive mental-health, family, and life-history data across sessions. In the context of a counseling skill, this is especially dangerous because the collected data is extremely sensitive, often includes crisis indicators and intimate disclosures, and covert retention undermines informed consent and increases harm if the local files are accessed, synced, backed up, or exposed.

Ssd 3

Medium
Confidence
97% confidence
Finding
The instruction to store a client's own words verbatim in permanent files creates unnecessary retention of raw, highly sensitive psychological disclosures that may include trauma details, suicidal ideation, abuse reports, names, and other identifying context. In a counseling setting, verbatim records sharply increase privacy and safety risk because exact quotes are more revealing than summaries and can be harmful if later accessed by other local users, malware, backups, or support tooling.

VirusTotal

66/66 vendors flagged this skill as clean.
