ClawHub

yoooclaw-meeting-preparations

Security checks across malware telemetry and agentic risk

Overview

This meeting-prep skill is coherent, but it can read sensitive phone notifications and auto-install a web-search dependency without clear user confirmation.

Install only if you are comfortable with an agent searching recent phone notifications for meeting context. Before using it, confirm which people, topics, apps, and dates are in scope, and do not let it auto-install the byted-web-search dependency unless you trust that source and approve the environment change.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The skill instructs the agent to run shell commands to inspect installed skills and to install a new package automatically via npx. That exceeds the core briefing task and creates a supply-chain and arbitrary-command execution risk, especially because the package source is remote and the action is performed without explicit user approval.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The activation criteria are broad enough to trigger on many ordinary meeting-related requests, which can cause the skill to run in situations where the user did not clearly ask for notification mining or web enrichment. In this skill, overbroad triggering materially increases the chance of unnecessary access to sensitive notifications and external lookups.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill is designed to inspect recent phone notifications and combine them with web search results, but it provides no user-facing notice or consent step for accessing privacy-sensitive local data. This can expose personal or confidential communications unexpectedly, especially when triggered by a generic meeting-prep prompt.

Ssd 3

Medium
Confidence
96% confidence
Finding
The instructions direct the agent to gather messages about named individuals from recent notifications and use them in the briefing, without any privacy screening, sensitivity classification, or minimization. That can surface private conversations, confidential work updates, or unrelated personal data merely because a person or keyword matched.

Ssd 3

Medium
Confidence
98% confidence
Finding
The output template explicitly requires preserving the original meaning of messages and attaching source app, person name, and date, which increases the chance of directly leaking personal or confidential notification content into the final response. Combining attribution metadata with content makes re-identification and sensitive inference easier and more damaging.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal