Adaptive Agent: Build User Profile

Security checks across malware telemetry and agentic risk

Overview

This skill openly builds a local user profile, but it tells the agent to inspect broad personal and workspace sources before asking and then persist inferred details for future sessions.

Review before installing. Use this only in workspaces where you are comfortable with the agent reading git history, repository files, memory files, and documents to infer personal and work-style details. Require an explicit preview and approval before saving, remove speculative or sensitive traits, and confirm where the profile and index are stored so they can be edited or deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Severity: Medium
Confidence: 85%
Finding:
The skill says it should run on first interaction or when the profile 'feels outdated,' which is subjective and can cause profiling behavior without a clear, specific user request. In a privacy-sensitive skill that reads git history, workspace files, and memory, ambiguous activation materially increases the chance of unsolicited data collection and persistence.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding:
Trigger phrases like 'who am I' and 'user profile' overlap with normal conversation and may activate the skill when the user is asking a conceptual question rather than consenting to workspace inspection. Because the skill performs background collection from repository and memory artifacts, accidental activation can expose and persist personal or identity-related data.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The skill begins data collection from git logs, project files, and content artifacts without an upfront notice that identity and preference data will be inferred before asking the user. This undermines informed consent and makes the later validation step insufficient, since collection and analysis have already occurred.

Ssd 3

Severity: Medium
Confidence: 94%
Finding:
The core description instructs the agent to build or update a persistent user profile by observing workspace context, git history, and conversation patterns, which are all rich sources of personal data. Doing this by default or on weak triggers creates a profiling system without prior consent and can capture identity, habits, and preferences far beyond what is necessary for the immediate task.

Ssd 3

Severity: High
Confidence: 97%
Finding:
The instruction to 'collect signals from the workspace without asking the user' is a direct privacy and consent failure. In this context, those signals include git identity, recent activity, configuration files, and documentation, which can reveal personal identity, employer, work patterns, and interests that the user did not intend to be profiled or stored.

Ssd 3

Severity: Medium
Confidence: 91%
Finding:
The skill explicitly encourages mining memory files, CLAUDE.md, blog posts, research docs, and README content to infer preferences and interests. Even if these materials are present in the workspace, repurposing them for user profiling expands their use beyond the original context and can capture sensitive attributes or behavioral patterns not needed for task execution.

Ssd 3

Severity: Medium
Confidence: 93%
Finding:
The skill directs the agent to write the synthesized profile to persistent memory for reuse in future sessions, turning one-time inference into ongoing retention. Persistent storage magnifies privacy risk because inaccurate or overly invasive inferences can follow the user across sessions and influence future interactions without renewed consent.

VirusTotal

No VirusTotal findings