SwarmVault

Security checks across malware telemetry and agentic risk

Overview

SwarmVault is a disclosed local knowledge-vault skill whose main risks are intentional persistence, export, and optional sharing of user data.

Install this only if you want a durable local vault. Treat anything ingested into SwarmVault as retained data: emails, chats, transcripts, source code, calendars, and exports may be copied into `raw/`, `wiki/`, `state/`, or export folders. Review artifacts before sharing, serving, committing, pushing to Neo4j, or handing them to another tool, and use local providers or isolated `SWARMVAULT_OUT` paths when working with private or regulated material.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The README explicitly encourages ingesting and persistently storing sensitive content such as emails, calendars, transcripts, mailbox files, and chat exports on disk, but it does not pair that guidance with any clear privacy, consent, or handling warning. In a local-first knowledge-vault skill, that omission is dangerous because users may process third-party or regulated data without realizing the legal, ethical, and security implications of durable retention.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The README describes optional provider-backed synthesis, web search, public video retrieval, and external model/audio backends, but does not clearly disclose that source content may be transmitted off-host to third-party services. That is risky because users may assume the tool is fully local-first and inadvertently send proprietary or personal data to external providers during compile, query, lint, transcription, or retrieval workflows.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
This skill repeatedly instructs the agent to run commands that create and persist large volumes of local artifacts, including raw sources, extracted content, chat transcripts, context packs, graph data, exports, task ledgers, and review state. While durable local storage is the core purpose of the tool, the skill does not prominently warn that sensitive user inputs, repository contents, transcripts, and derived summaries may be written to disk automatically and retained across sessions, which can expose private data through persistence, backups, source control, or later handoff.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The example explicitly includes commands that post, serve, or bundle repository-derived graph artifacts, but it provides no warning about exposing proprietary code structure, sensitive metadata, or derived content from private repositories. In this skill's context, users are encouraged to ingest and compile codebases, so normalizing `graph share --post` and `graph serve` without guardrails increases the chance of accidental data disclosure.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The example explicitly promotes saved conversation state in `wiki/outputs/chat-sessions/` and `state/chat-sessions/` but does not warn users that potentially sensitive research queries, uploaded content, and derived summaries may persist on disk. In a local-first knowledge vault, persistent chat history can easily capture confidential material, making this more dangerous because users may assume ephemeral assistant behavior when the workflow actually stores durable records.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The workflow instructs users to run `swarmvault export ai --out ./exports/ai` and states that static handoff files will be created, but it does not warn that compiled research data, excerpts, and potentially sensitive source-derived content will be written to a portable on-disk export. This is risky because exporting materially increases the chance of unintended disclosure, duplication, or later reuse outside the original vault's expected boundaries.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The command reference includes destructive or state-changing operations such as source deletion, review acceptance, task updates, repair actions, and commit-style actions without any caution that they modify local state or may be hard to undo. In a skill intended for agent use, terse examples can be copied or invoked automatically, increasing the chance of unintended data loss, approval bypass, or mutation of a user's vault.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The sharing and export section documents commands that publish, bundle, export, or push vault and graph data to files, share artifacts, or external systems without warning about sensitive-content exposure. Because SwarmVault is a local-first knowledge vault handling notes, transcripts, code, and datasets, these examples can lead users or agents to exfiltrate private material, credentials, proprietary code, or personal data by default.

VirusTotal

VirusTotal findings are pending for this skill version.