
Security audit

Double-Check-It Skill (龙虾再想想技能 1.0.1)

Security checks across malware telemetry and agentic risk

Overview

This skill is not overtly malicious, but it can automatically create persistent local records of conversations, task details, and inferred lessons with weak user controls.

Install only if you intentionally want a local long-term memory system for conversations and task work. Before using it, decide where the memory folder is stored, how entries will be reviewed and deleted, and whether to disable automatic recording or idle reflection for sensitive, personal, credential-related, or business-confidential tasks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (13)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list includes generic phrases like 'what's wrong' and 'check again', which are common in normal conversation and can cause unintended activation. In this skill, unintended activation is more dangerous because activation can lead to automatic logging, indexing, and follow-on processing of user content without a deliberate request.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The skill says auto-memory triggers after every user interaction, after actions complete, and at key execution points, which is effectively always-on collection. Such broad and ambiguous conditions create a high risk of indiscriminate retention of sensitive conversation content, including data the user did not expect to be stored.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill advertises automatic memory and reflection features but provides no user-facing warning about privacy, retention, or secondary use of data. This is dangerous because users may reveal sensitive information during normal QA interactions without understanding it will be persistently stored and later mined for lessons or preferences.

Missing User Warnings

High
Confidence
99% confidence
Finding
The instructions require storing detailed user quotes, emotional states, execution history, failures, and remediation notes, but there is no guidance to avoid secrets or sensitive personal data. This creates a clear risk of collecting and preserving high-sensitivity content in a structured form that is easier to search, correlate, and leak.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Idle reflection periodically reprocesses recent diaries and writes derived memories such as corrections, feedback, and preferences, again without warning or consent. This compounds privacy risk by turning transient conversations into long-lived inferred profiles, increasing exposure beyond the original interaction.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script persists arbitrary user-supplied content to disk under a fixed workspace path without any user-facing notice, consent flow, retention policy, or sensitivity filtering. In a memory/QA skill, users may provide task details, requirements, or other sensitive text that can later be exposed to other local processes, users, backups, or accidental disclosure.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The reflection workflow reprocesses historical diary entries to extract corrections, feedback, and preferences into a new summary file, but does so silently. This expands the scope and persistence of stored user data and increases privacy risk because information originally written once is mined and recopied into additional artifacts without clear notice or consent.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill explicitly instructs persistent logging of users' original messages and detailed interaction history. That semantic retention creates disclosure risk because sensitive information, credentials, personal data, or confidential business content may be preserved in memory files and later exposed through indexing, retrieval, or compromise of local storage.

Ssd 3

High
Confidence
98% confidence
Finding
Automatic recording of every interaction and key execution event enables broad collection of private user data as a default behavior. In this skill's context, the danger is elevated because collection is systematic, recurring, and tied to a memory/indexing subsystem, making accumulation and later disclosure much more likely.

Ssd 3

Medium
Confidence
92% confidence
Finding
The priority rules and examples normalize preserving exact statements, emotional context, and important requests, which increases the chance that sensitive or embarrassing user content will be retained. Emotional tagging and exact quotations also create richer profiles that are more harmful if exposed than simple task summaries.

Ssd 3

Medium
Confidence
95% confidence
Finding
The reflection workflow mines recent diaries for errors, feedback, and user preferences and writes those into a separate experience store, increasing both retention duration and semantic sensitivity. This is dangerous because inferred preferences and lessons can reveal behavioral patterns or confidential priorities not explicitly intended for long-term storage.

Ssd 3

Medium
Confidence
92% confidence
Finding
The skill is explicitly designed to retain user requests/needs in diary files and later resurface them during checks, creating a natural-language data retention risk. In this context, the danger is higher because the feature's purpose is memory persistence: users may supply sensitive requirements, internal project details, or personal preferences that are then stored and echoed back from disk beyond the original interaction.

Ssd 3

Medium
Confidence
93% confidence
Finding
The reflection logic selectively harvests corrections, errors, feedback, and preferences from diaries into reusable 'experience' summaries, which compounds retention and increases the chance that sensitive behavioral or preference data is normalized into long-lived knowledge. Because this skill is specifically framed as memory and quality assurance, this secondary-use behavior is more dangerous than in a transient tool: it encourages silent profiling and broad reuse of prior user content.

VirusTotal

66/66 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.