ClawHub

Campaign

Security checks across malware telemetry and agentic risk

Overview

This is a local campaign command-line helper that stores entered campaign text on disk, but the behavior is purpose-aligned and there is no evidence of network exfiltration, credential access, or hidden execution.

Install only if you are comfortable with campaign drafts and related text being stored in plaintext under ~/.local/share/campaign. Avoid entering secrets, customer data, embargoed plans, or confidential business material unless you are prepared to manage or delete that directory yourself.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The skill presents itself as a general-purpose campaign utility, but the documented behavior includes persistent storage, export, search, and activity reporting that materially expand its data-handling scope. This can cause users or orchestrators to invoke it without realizing it retains and redistributes entered content, creating privacy and unintended data exposure risks.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The invocation cue is overly broad ('Use when you need campaign'), which gives an agent little constraint on when to select this skill. In an automated environment, ambiguous triggers can lead to unnecessary execution of a tool that stores and exports data, increasing the chance of accidental data collection or misuse.

Missing User Warnings

Low
Confidence
91% confidence
Finding
The skill documents local storage in ~/.local/share/campaign and export capabilities without warning users that entered content may be retained and written out in portable formats. If sensitive campaign notes, budgets, customer data, or internal metrics are handled, this omission can lead to unintended retention and disclosure.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script persistently stores all user-provided content under ~/.local/share/campaign and offers status, search, recent, and export commands without clearly warning users that inputs are retained indefinitely. In a skill context, users may enter sensitive drafts, campaign copy, client notes, or credentials by mistake, creating a privacy and local data-exposure risk if the account or filesystem is later accessed by another party.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal