ClawHub

Buffer

Security checks across malware telemetry and agentic risk

Overview

Buffer is a session-continuity skill that persistently writes local handoff and memory files and installs a disclosed local companion auditor, but the reviewed artifacts do not show exfiltration, credential access, destructive behavior, or hidden unrelated capabilities.

Install this only if you want the agent to persist session state and create a local buffer-optimizer companion skill. Review or back up HANDOFF.md, MEMORY.md, AGENTS.md, and any existing skills/buffer-optimizer directory first, and avoid using it in workspaces where local session notes or prompt files should not be retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The skill instructs automatic installation of a second skill and associated setup actions on first run, expanding capabilities beyond the user's apparent request for session management. This creates an unexpected trust boundary change: merely invoking one skill can persist new code and modify workspace state, which is risky in adversarial or shared environments.

Context-Inappropriate Capability

High
Confidence
93% confidence
Finding
The skill can create shell scripts that inspect workspace files and enumerate skills, then instruct later execution of those scripts. Persisting executable audit tooling from inside a skill materially increases attack surface because a compromised or modified embedded payload could establish broader file-system reconnaissance or unsafe command execution under the guise of setup.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README states that on first run the skill sets up the workspace and extracts a companion skill automatically, but it does not clearly warn users that local files will be created or modified. This is risky because users may invoke the skill expecting passive session assistance, while it actually performs persistent filesystem changes and installs additional functionality, which can violate user expectations and expand the trusted code surface.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README describes continuous reads and writes of HANDOFF.md, MEMORY, and related session artifacts, but does not clearly disclose that session data will be persisted across runs. Persistent storage of session state can retain sensitive prompts, plans, or operational details, and repeated modification of local files without prominent warning can cause privacy, integrity, and auditability issues.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill directs creation and potential overwriting of workspace files, including HANDOFF.md and additional skill files, without prominent disclosure in the top-level description or an explicit consent step. Silent persistence and file modification are dangerous because users may invoke the skill expecting passive session guidance, not code/file installation that changes future agent behavior.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal