Clipboard Memory

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local clipboard-history recall helper, but users should treat it as sensitive because clipboard history can contain secrets and private files.

Install only if you are comfortable with a local tool keeping searchable clipboard history, which may include passwords, API keys, private URLs, file paths, screenshots, or PDFs. Use retention, ignored apps, and API-key filtering where available, and require explicit confirmation before exporting raw bytes, deleting history, changing settings, or managing background services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The skill advertises mutation capabilities beyond passive clipboard recall, including app control and settings changes. In a skill whose user-facing purpose is recovery of prior clipboard contents, these extra controls expand the attack surface and could let an agent alter application state or defaults without the user expecting administrative side effects.

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
Documenting `settings reset`, launch-at-login changes, update checks, or app quit functionality in a clipboard recall skill is dangerous because these actions change persistent user state and are not necessary to answer recall requests. A user asking to recover copied content would not reasonably expect their capture policy or app behavior to be modified, creating room for unsafe or surprising actions.

Description-Behavior Mismatch

High
Confidence: 93%
Finding
The commands reference exposes numerous mutation and control surfaces far beyond clipboard recall, including restore, export, forget, purge, storage rewrites, service control, settings changes, and app management. In an agent skill whose declared purpose is recalling clipboard contents, documenting and thereby enabling these extra capabilities expands the attack surface for data destruction, privacy-impacting state changes, and persistence if the agent is induced to use them.

Context-Inappropriate Capability

High
Confidence: 94%
Finding
This section includes unrelated app/service lifecycle and installation commands such as service start/stop/uninstall, setup/watch, and agent skill install/uninstall helpers. Those capabilities are not necessary for clipboard-memory recall and could let an agent modify local services or filesystem state under the guise of a benign memory-retrieval skill.

Context-Inappropriate Capability

Medium
Confidence: 84%
Finding
A live update-check operation introduces network-reaching behavior and mutable app state that is unrelated to the skill’s stated recall function. Even if benignly intended, it violates least privilege and could be abused to create unexpected outbound traffic or alter cached application state without a clear user need.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
Launch-at-login and app quit controls can change application persistence and availability, neither of which is needed to answer clipboard recall queries. In this context, they create an unnecessary ability to establish persistence or disrupt the app, increasing the consequences of prompt injection or accidental invocation.

Missing User Warnings

Medium
Confidence: 86%
Finding
This skill is specifically designed to retrieve historical clipboard contents, including commands, URLs, paths, images, and PDFs, which often contain credentials, tokens, personal data, or confidential documents. Without an explicit warning about sensitive data exposure and export, users and downstream agents may invoke it too broadly and inadvertently surface or persist highly sensitive material.

VirusTotal

64/64 vendors flagged this skill as clean.
