All-in-One Aggregated Map Planning Assistant (全能聚合地图规划助理)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real map-planning skill, but it automatically stores location-related history and profiles users while understating the privacy impact.

Review before installing. Use it only if you are comfortable with location and travel requests being sent to AMap and with the skill saving local long-term memory and inferred preferences. Avoid entering sensitive home, work, family, customer, or operational locations unless you have consent and understand that generated map links or QR codes may expose the included places if shared.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (23)

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The README states that no privacy information is collected, but elsewhere documents persistent memory, user profiling, behavior review, and preference-based activity recommendations. Even if the stored data is framed as "preferences" or "tags," it still constitutes user-related behavioral data, so the claim is misleading and can cause users to consent without understanding ongoing collection and analysis.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The skill claims '全程不收集隐私信息' ("no privacy information is collected at any point") while also describing permanent memory, long-term history, temporary interaction logs, and user profiling based on behavior and preferences. Even if direct identifiers are not collected, persistent preference/history data can still be personal data, so the documentation is misleading and may cause users to share data without informed understanding.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The file is presented as a map-planning assistant, but it also loads persistent memory and user profiles and later records interactions and updates profiles. This creates a transparency gap: users may provide location/travel requests without realizing their activity is being retained and profiled, which can expose sensitive behavioral and location data if mishandled.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The module documents temporary memory as expiring after 7 days, but only `recentInteractions` and `recentSearches` are cleaned, and cleanup is only triggered from `recordInteraction`. If users stop interacting or other temporary fields are added later, data may persist beyond the stated retention window, creating privacy and data-retention noncompliance risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The guide instructs users to send precise coordinates, addresses, and POI metadata to a third-party mapping service but does not disclose that this transfers potentially sensitive location data off-platform. In a skill context, this omission can cause users or downstream developers to unknowingly expose personal, operational, or customer location information, creating privacy and compliance risk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The document describes collecting and transmitting users' POI/location collections to the AMap personal map API, but it does not mention that this data is shared with a third party or obtain explicit user consent. Because location collections can reveal sensitive habits, home/work areas, or travel patterns, omission of a disclosure materially increases privacy risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The QR-code and share/save behavior is presented as a feature, but the documentation does not warn that the resulting map links or QR codes may be accessible to anyone they are shared with and could expose a curated set of sensitive locations. This can lead to unintended disclosure of personal movement patterns or private place collections if users treat the map as private by default.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The summary explicitly describes persistent memory storage, automatic user profiling, city preferences, activity analysis, and history reuse, but it does not mention user notice, consent, retention transparency beyond temporary memory expiry, or controls over collected personal data. In a location-based assistant, these features can expose sensitive behavioral and location patterns if users are unaware or cannot opt out, making this a real privacy vulnerability rather than a harmless documentation omission.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The API section documents geocoding, POI search, weather, traffic, and personal map creation through Gaode services, which implies transmission of user queries, destinations, coordinates, and possibly behavioral data to a third party. Because the skill does not warn users that their location-related data may be shared externally, users may unknowingly disclose sensitive travel and location information.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill advertises persistent features such as user profiles, history, favorites, and a resident city setting without any disclosure about what data is stored, how long it is retained, or who can access it. This creates a privacy risk because users may reveal sensitive location, lifestyle, and travel-pattern data without informed consent or clear expectations.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The activity recommendation and push features imply use of the user's city or location context, but there is no disclosure that location-based data may be used to tailor results. Even if only coarse location is used, lack of transparency can mislead users and expose them to unintended collection or inference of whereabouts.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation states that the system will automatically learn user preferences over time, but it does not warn users about personalization, profiling, or retention of behavioral data. This is dangerous because repeated usage can build a detailed profile of habits, interests, family status, and movement preferences without meaningful notice or control.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill advertises long-term memory, automatic profiling, nightly behavior review, and activity pushing without clear disclosure of consent, retention, or user control. This creates a privacy and transparency risk because users may not expect continuous storage and automated inference from their behavior in what appears to be a map-planning assistant.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The personal map feature uploads selected locations to AMap and generates QR codes and shareable links, but the README does not prominently warn that user-curated location sets may be transmitted to a third party and easily shared. This can expose sensitive travel habits, preferences, or personally meaningful places if users do not understand the sharing implications.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger list includes broad everyday phrases such as '旅行规划' (travel planning), '本地活动' (local activities), and '人文讲解' (cultural commentary), which can cause accidental invocation during ordinary conversation. Misfires become more dangerous here because the skill can access profiling, history, and activity features, increasing the chance of unintended data processing or unexpected external API usage.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill defines long-term memory, permanent memory, user profiling, and history retrieval, but does not include explicit user notice, opt-in consent, or controls for review/deletion. In this context, the lack of consent is more serious because the features are designed to accumulate behavioral preferences over time, creating a persistent profile of the user.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The code records each interaction and updates the user's profile automatically, but this file shows no user-facing notice or consent flow. Because requests may contain location, travel plans, preferences, and cultural interests, silent persistence can build a sensitive profile without the user's informed consent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill sends city, district, POI, activity, weather, and traffic-related requests to external map/activity services, but does not disclose that user-provided location and planning data may leave the local system. This is risky because travel intent and geographic preferences can be sensitive, and users cannot make an informed choice about third-party data sharing.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code persists detailed per-user behavioral data, including cities, favorites, routes, interaction history, and inferred preferences, to disk without any evidence of consent, notice, or opt-out handling. In a memory/assistant skill context this increases privacy risk because sensitive profiling is accumulated over time and stored permanently in a shared JSON file.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The module persists user profile data, including behavioral preferences, recent cities, tags, and timestamps, to a local JSON file without any visible consent, disclosure, retention policy, or access controls in this code path. This creates a privacy and compliance risk because personal data is stored silently and may be accessible to other local users, backup systems, or later code paths beyond the user's expectations.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The reset function overwrites the existing profile immediately with a new empty profile and performs no confirmation, authorization, or recovery check at this layer. If exposed through an agent action or called accidentally, it can cause irreversible loss of user data and preference history, which is a safety and integrity issue.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The helper automatically sends user-supplied addresses, city names, coordinates, and POI queries to a third-party API with no built-in disclosure, consent gate, or minimization controls. In an agent skill context, this can expose sensitive travel patterns, home/work locations, or search intent to an external provider without the user realizing their data is leaving the system.

Missing User Warnings

High
Confidence
96% confidence
Finding
The personal map creation flow uploads batches of POI names, addresses, coordinates, and IDs to an external service, then returns shareable URLs/QR codes. In a skill context this is more dangerous than ordinary geocoding because it can package a user's full itinerary or curated location set into a persistent shared artifact, increasing privacy loss and unintended disclosure risk.

VirusTotal

64/64 vendors flagged this skill as clean.
