ontology

Security checks across malware telemetry and agentic risk

Overview

This ontology-modeling skill is mostly coherent, but it can read sensitive business documents and save full raw copies locally without a clear consent or cleanup step.

Review before installing. Use this skill only with documents you are allowed to process, give it narrow files or folders, expect outputs under an ontology directory, and delete raw_source files when finished. Avoid opening or sharing generated HTML from untrusted document content unless you have reviewed it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly instructs storing raw parsed document contents to a local file before further processing, but does not require user consent, minimization, redaction, or any warning about retention of potentially sensitive business data. Because this skill is designed to parse Feishu/local documents that may contain proprietary or regulated content, writing raw source material to disk materially increases exposure through residual files, unintended reuse, or local compromise.

Missing User Warnings

Low
Confidence: 82%
Finding
The skill directs the agent to generate and save local artifacts, including HTML visualizations, without explicitly telling the user beforehand that files will be created. While these outputs are part of the stated functionality, silent file creation can surprise users, clutter workspaces, overwrite data, or create secondary exposure if generated HTML or ontology files contain sensitive model details.

VirusTotal

65/65 vendors flagged this skill as clean.
