FlowCouncil — AI Think Tank With 5 Expert Fellows

Security checks across malware telemetry and agentic risk

Overview

FlowCouncil is an instruction-only debate and decision-support skill, with clear optional web research in Deep mode and a local decision-log instruction users should be aware of.

Use Quick mode for sensitive drafts, private strategy, or customer data. Use Deep mode only when it is acceptable for search queries about the topic to reach external search providers. Review or delete any memory/YYYY-MM-DD.md decision logs if a verdict contains private business, legal, financial, or personal information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding:
In Deep mode, the skill instructs the agent to perform web searches and gather external data even though the skill is presented primarily as a debate/synthesis tool. That expands the skill's effective privileges and creates risk of unbounded external access, including retrieval of untrusted content, data leakage through search queries, and behavior the user may not expect from a 'think tank' skill.

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding:
The instruction to log significant verdicts to persistent memory files introduces data retention unrelated to the core debate function and does so automatically. This can cause sensitive business plans, product decisions, or pasted user content to be stored beyond the session, increasing privacy, confidentiality, and cross-session leakage risk.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding:
The skill tells the agent to write decisions to persistent memory without any user-facing disclosure or consent. Hidden persistence is dangerous because users may share confidential strategy, customer data, or draft content assuming ephemeral processing, and that information could later influence unrelated sessions or be exposed through memory retrieval.

VirusTotal

66/66 vendors flagged this skill as clean.
