书本学习助手 (Book Learning Assistant)

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a coherent ebook learning assistant, but it includes an under-scoped instruction to write generated notes into Obsidian and Notion.

Install only if you are comfortable letting the agent read the ebook files you provide. Before allowing any Obsidian or Notion action, require an explicit preview and confirmation, and specify the exact vault, database, page, or folder where notes may be written.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium (88% confidence)
Finding
The README expands the skill's behavior from reading and summarizing ebook content into writing notes to Obsidian and Notion, which is an external side effect not clearly scoped in the stated skill behavior. This creates a risk of unauthorized data modification or unintended exfiltration of book-derived or user-supplied content to third-party/local knowledge stores without explicit user consent.

Intent-Code Divergence

Low (76% confidence)
Finding
The document frames the feature as local ebook reading, but the workflow includes writing outputs to external tools, which changes the trust boundary. Users may reasonably expect local-only processing, so undisclosed outbound or persistent writes increase the risk of privacy violations and unintended modification of external systems.

Missing User Warnings

Medium (91% confidence)
Finding
The documentation instructs writing notes to Obsidian and Notion without warning the user that external data stores will be modified. In an agent setting, lack of explicit notice and consent for write operations can lead to silent persistence of sensitive content, workspace pollution, or syncing data into cloud-backed services such as Notion.

Missing User Warnings

Medium (85% confidence)
Finding
The skill explicitly instructs direct parsing of user-supplied EPUB files and later details how to extract internal files and text, but it does not include a user-facing consent/privacy notice, file-scope limits, or safeguards on what content may be read and retained. Because EPUB is a ZIP-based container holding the full book text and metadata, this can expose sensitive or copyrighted local content to the model and downstream processing without sufficiently explicit warning, which is a real data-handling risk in this context.

VirusTotal

65/65 vendors flagged this skill as clean.
