Reading Tracker

Security checks across malware telemetry and agentic risk

Overview

This reading tracker is mostly coherent, but its included script can write files outside the intended reading folder if a book title contains path characters.

Install only if you are comfortable with local reading notes and review schedules being stored on disk. Until the filename handling is fixed, avoid book titles containing slashes, '..', absolute paths, or other path-like characters, and enable the weekly reminder only if you want scheduled reading-review activity.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill explicitly describes creating note files and updating JSON state, which are file read/write capabilities, yet no permissions are declared. This creates a transparency and authorization gap: users and the platform may not have a clear, enforceable signal that the skill can persist data on disk, increasing the risk of unexpected file modification or data exposure.

Vague Triggers

Medium
Confidence: 86%
Finding: The trigger phrase "复习" is very broad and likely to appear in ordinary conversation, which can cause unintended activation of the skill. Unintended activation matters here because the skill performs stateful operations such as reading/writing notes and schedules, so a casual mention could lead to unexpected data access or modification.

Missing User Warnings

Medium
Confidence: 90%
Finding: The skill documentation says it creates files, saves quotes, and updates schedule/index JSON data, but it does not prominently warn users that their inputs will be persisted locally. This lack of disclosure undermines informed consent and can surprise users with durable storage of potentially sensitive reading history, notes, and reflections.

VirusTotal

65/65 vendors flagged this skill as clean.
