Fox Ontology

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local memory-graph skill; the main risk is persistent storage of sensitive details, not hidden network access or malicious behavior.

Install only if you want a persistent local knowledge graph in the workspace. Do not store raw passwords, tokens, or private message contents unless you intentionally want them retained; run validate after changes; and review memory/ontology/graph.jsonl because delete hides entities from the current graph but does not erase prior log records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 70%
Finding: Without declared permissions, the skill's intent is opaque and cannot be validated.

Vague Triggers

Severity: Medium
Confidence: 96%
Finding: The manifest description says to trigger on broad phrases and conditions such as "remember", "show dependencies", "entity CRUD", and "cross-skill data access". Several of these are not narrowly scoped to this ontology skill and overlap with common assistant behavior, increasing the chance of accidental activation.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding: Entries like "Planning multi-step work" and "Skill needs shared state" describe broad situations rather than precise invocation triggers. Without constraints or negative examples, these conditions are too general and may match many unrelated tasks.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: This code performs an irreversible delete by appending a delete operation to the graph log, but there is no confirmation prompt, cautionary comment/docstring, or other user-facing warning near the operation itself. In the CLI flow, the delete command executes immediately when invoked, increasing the risk of accidental data removal without explicit disclosure.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal