Workbuddy Smart Learning

Security checks across malware telemetry and agentic risk

Overview

This skill locally learns from task feedback and work patterns, with privacy-sensitive memory behavior that is mostly disclosed and aligned with its purpose.

Install only if you are comfortable with local persistence of task history, feedback, timing, tool usage, and derived templates under .workbuddy/memory. Set the workspace path explicitly before running it, avoid free-form notes containing secrets or sensitive business details, and delete old memory files when you no longer want the skill to learn from them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (11)

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding
The code hard-codes a Windows Administrator workspace path and instantiates the system against it by default. That gives the skill unjustified access to a privileged, user-specific directory and can expose or process sensitive data from an administrator profile without explicit user consent or configuration.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The README explicitly states the system will collect implicit behavioral signals such as reuse rate and wait time, but it does not disclose the scope of collection, retention, consent model, or privacy implications. In an agent skill context, silently capturing behavioral telemetry can expose user habits and workflow metadata without informed consent, creating a genuine privacy and compliance risk.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The README instructs the system to automatically prompt for post-task feedback and defines persistent storage for ratings, tags, and notes, but it does not warn users that these inputs will be retained in memory files. Freeform notes may contain sensitive business or personal information, so collecting and storing them without clear notice and consent is a real privacy issue.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The README proposes cross-workspace sharing of learned patterns without any warning about data-sharing boundaries, authorization, or anonymization. In this skill's context, patterns are derived from task history, feedback, and memory data, so sharing across workspaces could leak sensitive organizational workflows or user behavior into unrelated contexts.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill explicitly describes passive collection of five categories of user behavior signals ('无感采集', literally 'imperceptible collection') and stores them under persistent memory paths, but provides no user-facing notice, consent flow, retention limits, or privacy controls. Silent behavioral telemetry can expose sensitive work habits and task patterns over time, especially in an agent context where users may not expect background profiling.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The task profiling section records execution traces, template use, tool calls, outcomes, and durations, which creates persistent behavioral logs tied to task identifiers. Because the skill does not warn users about storage or explain access boundaries, it risks collecting sensitive workflow data without informed consent and may expose prior activity to later sessions or other components.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The module persists task IDs, timestamps, tags, notes, and context hashes to local JSON files under a hidden workspace directory without any built-in consent flow, warning, retention control, or minimization. In an agent skill context, user notes and task metadata may contain sensitive operational or personal information, so silent persistence creates a real privacy and data-governance risk even if there is no remote exfiltration.

Missing User Warnings

Severity: High
Confidence: 95%
Finding
The module is explicitly designed for 'implicit' collection of user behavioral signals and persists task summaries, timing, tool usage, feedback presence, cancellation state, and notes to disk under a hidden workspace directory, with no consent, notice, minimization, or access control visible in this file. In an agent skill context, this creates a real privacy/security risk because it silently builds a behavioral telemetry log that may contain sensitive work patterns and task content without user awareness.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The module persistently writes detailed task execution telemetry to disk under the workspace without any consent, visibility, retention control, or access restriction. These records can expose task summaries, tool usage, timing, and outcomes, which may reveal sensitive workflow or project information if the host is shared or the workspace is later exfiltrated.

Ssd 3

Severity: Medium
Confidence: 95%
Finding
The skill instructs the system at new-session start to read MEMORY.md and recent daily memories whenever historical context is detected, creating cross-session data reuse without clear scoping or user confirmation. This can surface prior conversation data in unrelated contexts, increasing the risk of overexposure of sensitive information or unintended profiling across interactions.

Ssd 3

Severity: Medium
Confidence: 93%
Finding
The architecture and storage layout describe persistent collection of implicit signals, task profiles, patterns, templates, and failed-pattern avoidance rules under a memory directory, which amounts to long-term retention of detailed user activity data. In an agent skill, this broad retention materially increases privacy and data exposure risk because later components may mine or reuse the stored activity history beyond the original task context.

VirusTotal

65/65 vendors flagged this skill as clean.