Context Sync

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Aicoo context-sync skill, but it grants broad remote upload, edit, and delete authority without enough explicit safety checks.

Review before installing. Use only with Aicoo workspaces and API credentials you trust, ask the agent to show exact files or remote paths before upload, edit, or delete, exclude secrets and private data, and avoid memory/self or links policy changes unless you intentionally want to alter agent behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 95%
Finding:
The manifest description contains very broad trigger phrases like 'browse workspace', 'search my notes', and 'update my agent' that can overlap with common user requests and cause the skill to activate in situations where the user did not clearly consent to syncing or transmitting data. Because this skill performs authenticated remote operations against a third-party API, overbroad invocation increases the chance of unintended data access, modification, or upload.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The skill documents a delete capability using the bulk `/accumulate` endpoint without any explicit warning, confirmation requirement, or safeguard. In a context-sync skill, destructive operations are especially risky because a user may expect upload/sync behavior, not silent remote deletion of stored notes or files.

Missing User Warnings

Severity: Low
Confidence: 90%
Finding:
The skill requires an API credential and repeatedly sends workspace content to an external service, but it does not provide a privacy or security warning to the operator. Users may not realize that local notes, file contents, folder structure, and identity files are being transmitted to a remote system under bearer-token authentication.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The example normalizes scanning a local project directory, reading each file, and uploading all contents to a remote service without any explicit user confirmation, sensitivity screening, or warning about secrets that may be present in docs. In a context-sync skill, this is especially risky because users may treat project folders as safe while they often contain credentials, internal architecture details, security notes, or proprietary information.

VirusTotal

VirusTotal findings are pending for this skill version.