Cotrace

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned, but it handles sensitive work-activity data and asks the agent to set up broad external access with limited privacy and scope disclosure.

Install only if you trust the Cotrace/Pieces setup, the ftc CLI package, and the listed external bridge with your work-activity history. Before use, ask the agent to get explicit approval before installing packages, logging in, adding endpoints, or querying data, and prefer narrow time ranges instead of broad or empty filters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The guide directs the agent to install a global npm package and configure external FTC resources on the host, which expands the skill from passive work-trace assistance into host modification and arbitrary network-connected tool setup. In this context, that creates unnecessary supply-chain and environment-change risk, especially because the commands target external infrastructure and are framed as automatic agent actions.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The login flow has the agent initiate an authorization process, obtain a browser login URL and user code, and wait for account authorization tied to an external service. Even though the user completes the browser step, this still grants the skill a capability to establish authenticated access beyond the narrow manifest description, increasing the chance of overbroad data access or account linkage.

Vague Triggers

Medium
Confidence: 85%
Finding
The trigger phrases are broad enough to match ordinary requests like asking what was done today or recently, which can cause the skill to activate in situations where the user did not explicitly intend workplace activity collection. Because this skill retrieves real workstream data, over-triggering increases the chance of unnecessary access to sensitive personal or work context.

Missing User Warnings

High
Confidence: 95%
Finding
The skill explicitly states that it automatically collects users' daily work activity and personal context, but it does not present a clear privacy warning, consent requirement, or explanation of what data sources may be accessed. In a context involving behavioral/work telemetry, this omission is risky because users may unknowingly expose sensitive activity history, project details, or personal context.

Natural-Language Policy Violations

Medium
Confidence: 80%
Finding
Assuming that Chinese-language users are in Beijing time can misrepresent the time range being queried or displayed, causing inaccurate retrieval and disclosure of activity records outside the user's intended window. In a work-tracking skill, that can expose unrelated records and undermine user trust in what data was accessed.

Missing User Warnings

Medium
Confidence: 95%
Finding
The instructions tell the agent to run a global install and add remote resources without any upfront user warning that the system will be modified and remote endpoints contacted. That deprives the user of informed consent for actions that can alter their environment and trust configuration, which is especially sensitive for a telemetry-oriented skill.

Missing User Warnings

Medium
Confidence: 94%
Finding
The verification step queries workstream summaries, which means the skill accesses potentially sensitive personal activity history immediately after setup, but the user is not warned that real data will be retrieved. Given the skill's purpose is work-trace collection, the context makes this especially privacy-sensitive because the accessed data may include recent behavior, habits, or work context.

VirusTotal

65/65 vendors flagged this skill as clean.
