wiki-maintainer

Security checks across malware telemetry and agentic risk

Overview

This skill is a plausible local wiki-maintenance helper, but it can automatically copy local files, fetch URLs through a third-party service, run a local script, and modify wiki files without clear approval gates.

Review this before installing if the wiki may contain private or business information. Use it only for a wiki directory you trust. Ask the agent to confirm before copying local files, fetching non-public URLs, running lint.sh, or applying repairs. Keep the wiki under version control or backed up so unintended changes can be reviewed and reverted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill instructs the agent to copy user-supplied file paths into the local wiki workspace without any safety checks, scope restriction, or user confirmation about touching local data. This can cause unintended ingestion of sensitive local files or propagation of private data into the knowledge base, especially because the target path is a real user directory on disk.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill tells the agent to fetch network articles via jina but does not warn that doing so sends the target URL and related request metadata to an external service. That creates a privacy and data-governance risk, particularly if users provide internal, sensitive, or non-public links for ingestion.

Missing User Warnings

Medium
Confidence: 93%
Finding
The lint workflow authorizes running a shell script and then automatically repairing wiki content, including auto-triggering after every 10 ingests, without an explicit consent or review boundary. Executing local scripts from a user directory and making follow-on file modifications increases the risk of unintended command execution and silent changes to local data.

VirusTotal

65/65 vendors flagged this skill as clean.
