Time Capsule 🔮

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a coherent time-capsule tool, but it stores and later reuses sensitive conversation-derived context more broadly than users may expect.

Review this skill before installing if you use the agent for personal, medical, relationship, work, or other sensitive conversations. It should be treated as a privacy-sensitive journaling/memory tool: only seal content you are comfortable storing locally, and prefer using it only if you can review or limit the extra metadata and prior-memory context it saves or resurfaces.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly stores sealed user messages, mood, context snapshots, recent topics, and other conversation-derived metadata in a local JSON file, but nowhere requires clear user consent or notice that this content will persist on disk. Because time capsules are likely to contain intimate personal reflections, silent persistence increases the risk of privacy harm if the host, filesystem, backups, or other tools expose that file.

Missing User Warnings

Medium
Confidence: 90%
Finding
The seal flow instructs the agent to enrich capsules using recent conversation context, inferred mood, tags, and query hints without an explicit privacy warning or consent step. This broadens collection beyond the user's exact sealed message and may capture sensitive contextual data the user did not realize would be embedded and later reused.

Ssd 3

Medium
Confidence: 88%
Finding
The open flow directs the agent to mine prior memories and incorporate historical content into the opening output, potentially resurfacing sensitive information from unrelated conversations. Without strict scoping, consent, or minimization, this can cause privacy leakage and surprise disclosure, especially if the returned reflection blends sealed content with broader memory data the user did not expect to be reintroduced.

VirusTotal

66/66 vendors flagged this skill as clean.
