Data Vault

Security checks across malware telemetry and agentic risk

Overview

Data Vault is a coherent local data-storage skill, but its write path can store datasets outside the documented current-directory scope and it has broad persistent/destructive operations with limited safeguards.

Install only if you want an agent-accessible local persistent data store. Avoid storing secrets, personal data, credentials, or regulated information. Use explicit simple dataset names, and review or fix path validation plus deletion/backup safeguards before relying on it for important data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill explicitly persists data to the local filesystem ('DataSets are created and stored on the current path') and includes create, append, update, delete, backup, and drop operations, yet no permissions are declared. This creates a transparency and policy gap: users and the platform may not realize the skill can write durable data, increasing the chance of unintended persistence or misuse.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding: The file exposes backup and deletion primitives that operate on the local filesystem, which goes beyond the advertised purpose of simple structured data persistence and querying. Although there is some path validation, these capabilities still let a caller create directories, copy dataset contents, and irreversibly remove stored data, increasing the damage possible from prompt injection, misuse, or accidental invocation.

Context-Inappropriate Capability

Severity: Low
Confidence: 86%
Finding: The skill returns raw local dataset paths via get_dataset_info and get_dataset_path_info, unnecessarily disclosing filesystem layout to callers. Even if the paths are within the intended data directory, path disclosure can aid reconnaissance, reveal environment structure, and make follow-on attacks or exfiltration attempts easier.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: The README explicitly promotes persisting conversation context and research data across sessions but does not warn users about privacy, retention, or sensitivity risks. In an agent skill, this can lead operators to store personal, confidential, or regulated data without informed consent, retention limits, or deletion guidance, increasing the chance of unintended data exposure or policy noncompliance.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding: The trigger phrases are broad and overlap with normal conversation, such as 'remember this', 'store for later', and 'persist information'. Because this skill performs persistent storage, broad invocation language can cause accidental activation and unintended saving of sensitive conversation content across sessions.

Missing User Warnings

Severity: Medium
Confidence: 81%
Finding: The documentation exposes data-modifying and destructive commands including append, update, delete, backup, and drop, but does not provide strong, repeated warnings about irreversible persistence, deletion consequences, or sensitive-data handling. In a persistence skill, this context makes accidental data retention or destructive operations more likely, especially given the broad triggers and session-initialization guidance to inspect existing datasets.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: drop_dataset performs irreversible deletion of both the dataset directory and its metadata entry without any confirmation, soft-delete, or recovery mechanism. In an agent context, destructive actions triggered from natural language are especially risky because a mistaken or manipulated request can permanently destroy stored data.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: `update_dataset_record` loads the full dataset into a DataFrame and rewrites it with `mode="overwrite"` after modifying a single row, with no confirmation, authorization, version check, or rollback. In a persistence skill whose purpose is to store cross-session data, this makes accidental or unauthorized modification of stored records easier and increases the chance of irreversible data loss or corruption from mistakes or race conditions.

Missing User Warnings

Severity: High
Confidence: 98%
Finding: `delete_dataset_record` deletes a record by removing it from an in-memory DataFrame and then overwriting the entire persisted dataset, again without any user-facing warning, soft-delete, authorization guard, or recovery path. Because this skill is explicitly designed for long-term storage of potentially important conversation and research data, silent destructive deletion is particularly dangerous and can cause permanent loss of valuable state.

VirusTotal

64/64 vendors flagged this skill as clean.