Compact Test A

Security checks across malware telemetry and agentic risk

Overview

This is a coherent compaction helper, but it can persist broad conversation and tool-output details, including authentication-related information, without clear pre-write consent or retention limits.

Install only if you are comfortable with the agent writing summaries of conversation and tool-output details to local memory files. Review what gets saved, avoid sessions containing raw secrets or tokens, delete or redact memory files when needed, and prefer the ClawHub package over unpinned GitHub curl/clone installation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The README creates a contradictory and unsafe data-handling model: it says sensitive data such as auth tokens will be masked, but its classification table also labels authentication tokens as information that must be saved to memory. In practice, this encourages persistence of secrets derived from tool output or conversation, increasing the chance of credential retention, later disclosure, and cross-session compromise even if partial masking is attempted inconsistently.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill instructs the agent to write conversation-derived facts, decisions, user preferences, and task progress into dated memory files, but does not clearly foreground the privacy and retention implications of storing user data across sessions. That creates a realistic risk of collecting personal, operational, or confidential information without informed consent or clear retention boundaries.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger conditions are broad and include proactive activation when context is "near full" or on heartbeat, which can cause the skill to run without a precise user request. In this skill, that matters because execution includes scanning prior tool outputs and extracting information into memory files, increasing the chance of unintended data retention or action at the wrong time.

Ssd 3

Medium
Confidence: 94%
Finding
The documented workflow explicitly directs the agent to persist user-provided and tool-derived details into memory files, including categories that often contain sensitive content such as configuration values, endpoints, error traces, and user preferences. This creates a durable data-retention surface that can leak secrets, internal infrastructure details, or personal data to future sessions, other skills, or anyone with filesystem access.

Ssd 4

Medium
Confidence: 81%
Finding
The four-stage workflow normalizes broad scanning and extraction of conversation and tool output before compaction, which increases the likelihood that sensitive data will be collected as part of a routine maintenance action. In this skill context, that is more dangerous because compaction is likely to be used on long sessions that already contain credentials, internal paths, endpoints, debugging traces, and other high-value data.

Ssd 3

Medium
Confidence: 96%
Finding
The skill explicitly instructs broad extraction of facts, configuration values, endpoints, file paths, errors, preferences, and progress from tool outputs and conversation, then appends them to persistent memory files. This creates a real retention and leakage risk because sensitive or secret material from logs, configs, command output, or user inputs may be stored durably without minimization, classification, consent, or redaction.

VirusTotal

63/63 vendors flagged this skill as clean.
