Privacy Eraser

Security checks across malware telemetry and agentic risk

Overview

This privacy-removal skill has a legitimate goal, but it asks for logged-in browser control, recurring monitoring, sensitive identity handling, and some misleading reporting tactics that require careful review.

Install only if you are comfortable with a skill that may search using your identity details, use logged-in browser sessions, submit reports, create local evidence records, and schedule recurring scans. Keep it in advisory/manual mode where possible, review every complaint before submission, avoid misleading report categories or unsupported DMCA claims, redact identity documents, and set explicit limits for any monitoring or stored case files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (18)

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
The skill explicitly directs the agent to control a logged-in browser on a Mac node and perform automatic reports on the user's behalf. That grants the skill the ability to take authenticated external actions and interact with accounts without strong per-action consent, which is far beyond passive privacy advice and creates clear account/session-abuse risk.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill instructs reading identity data from USER.md and using it to conduct searches, which expands access to sensitive personal data beyond what is minimally necessary unless the user has explicitly requested and consented to that exact use. Centralizing and automatically consuming identity attributes increases privacy exposure and the chance of overcollection or misuse.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The cron-based monitoring introduces persistent background surveillance rather than a one-time assistance workflow. Ongoing scheduled searches and proactive notifications can continue processing personal data after the immediate task ends, increasing privacy, consent, and abuse risks.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The documentation emphasizes using already logged-in browser profiles so the skill can act without user-supplied credentials, effectively piggybacking on existing authenticated sessions. This is dangerous because it enables the agent to perform account actions under the user's identity with limited friction or oversight.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The line suggesting users can 'borrow' the copyright framework to achieve removal goes beyond legitimate copyright enforcement and encourages misuse of a legal takedown mechanism. That is dangerous because the same document also includes sworn good-faith and perjury statements, so users may be induced to submit false legal claims that can suppress lawful speech and create legal exposure for the sender.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The note advising users to choose the '人身攻击' ("personal attack") report category instead of the accurate privacy-leak category encourages deceptive misuse of a platform reporting process. This can lead to false or misleading reports, undermine trust and moderation integrity, and potentially cause improper enforcement against content creators.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad enough to activate on common privacy-related requests, increasing the chance the skill engages in sensitive workflows unintentionally. In a skill that can read identity data, schedule monitoring, and submit reports, overbroad activation materially raises the likelihood of unintended high-impact behavior.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill describes automatic reporting using a logged-in browser and implies minimal user involvement, but does not clearly warn that authenticated submissions will be made and records stored. Lack of clear notice and consent around external actions and local case logging makes the workflow unsafe and prone to unauthorized or surprising behavior.

Missing User Warnings

High
Confidence
95% confidence
Finding
Reading personal identity data from USER.md without a privacy warning or consent step is a direct sensitive-data handling issue. Users may not expect a privacy-help skill to silently pull identity attributes from profile files, and misuse or leakage of those data could worsen the very privacy harms the skill is meant to address.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The monitoring mode creates recurring scans and proactive notifications without clearly warning the user that automation will continue after the immediate interaction. This can lead to unexpected background processing of personal data and surprise notifications or searches over time.

Missing User Warnings

High
Confidence
96% confidence
Finding
The automatic reporting workflow performs external submissions and stores screenshots/case records, but does not require explicit warning or user approval at the point of action. Because these are consequential authenticated actions with local data retention, missing consent and transparency significantly increases risk.

Missing User Warnings

High
Confidence
97% confidence
Finding
The node browser control section explicitly promotes '完全自动化,用户无感知' ("fully automated, unnoticed by the user") and reuse of logged-in sessions, which is a strong indicator of invisible authenticated automation. Hidden operation on user accounts without clear warning is particularly dangerous because it undermines informed consent and accountability.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill provides a template that explicitly requests and encourages submission of highly sensitive personal data, including phone number, ID number, address, and identity document photos, but it does not include any privacy minimization, redaction, retention, or secure-submission guidance. Even though the apparent purpose is legitimate rights protection, this creates a real risk of unnecessary oversharing, identity theft exposure, and unsafe handling of personal information by users following the instructions.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The template explicitly instructs users to include highly sensitive personal data such as ID numbers, phone numbers, home addresses, and identity document photos, but it provides no guidance on data minimization, redaction, or safer submission practices. In a skill meant to help with complaints, this creates a real privacy risk by normalizing over-collection and increasing the chance users disclose more sensitive data than necessary in copied, stored, or misrouted submissions.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill advises providing identity documents as supporting material but does not include privacy warnings, redaction guidance, or data-minimization instructions. In a workflow involving sensitive personal-data removal, this can lead users to overshare highly sensitive documents to third parties or upload more information than necessary, increasing identity-theft and privacy-exposure risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The complaint template explicitly instructs users to include highly sensitive personal data such as phone numbers, ID numbers, addresses, and contact details, but it does not advise users to minimize data, redact unnecessary fields, or use secure submission/storage practices. In a privacy-complaint context this is especially risky because users may copy full sensitive identifiers into a document that could be shared, stored insecurely, or submitted through channels that do not require all of that information.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The template explicitly instructs users to include multiple categories of highly sensitive personal data, including real name, phone/WeChat, employer or school, home address, identity proof, and screenshots, but it does not warn users to minimize submissions or redact unnecessary data before sending. In a privacy-complaint context this is not overtly malicious, yet it still creates a real data-handling risk because users may overshare far more personal information than is necessary and expose it to platform staff, email channels, or secondary disclosure.

Ssd 4

Medium
Confidence
97% confidence
Finding
Framing DMCA as a means to remove content outside genuine copyright claims normalizes abusive legal-process behavior. In context, this is especially risky because the skill gives a ready-to-send formal template and platform targets, lowering the barrier to filing deceptive takedown notices that can chill lawful content and expose users or operators to legal and reputational harm.

VirusTotal

VirusTotal findings are pending for this skill version.
