procedural-distiller

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-built to turn past session traces into persistent reusable skills, but it can save sensitive commands, code snippets, and paths without a clear user approval or redaction step.

Install only if you want persistent procedural memory from completed sessions. Before running it, review traces for secrets, private source code, customer data, tokens, and unsafe commands; use a controlled output directory; inspect generated learned skills before reuse; and do not let preserved commands or edits run automatically in a different project or account context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 90%
Finding:
The skill clearly instructs reading traces and writing generated artifacts (`skills/learned/.../`, `memory.json`) but declares no explicit permissions or safety boundaries. That mismatch can cause an agent runtime or reviewer to underestimate file system access, increasing the chance of unintended reads/writes or misuse if traces or output paths are attacker-controlled.

Missing User Warnings

Severity: Low
Confidence: 82%
Finding:
The skill directs the agent to create files and modify `memory.json` as part of normal operation without any user-facing disclosure or confirmation step. In context this is likely intended functionality, but silent persistence can still surprise users, overwrite local state, or store sensitive workflow details from prior traces without clear consent.

VirusTotal

66/66 vendors flagged this skill as clean.