Climate

Security checks across malware telemetry and agentic risk

Overview

The skill is marketed as a climate toolkit but mostly acts as a persistent local command-argument logger, so users should review it before installing.

Install only if you are comfortable with this behaving like a local history/logging utility rather than a real climate data analyzer. Avoid entering secrets, tokens, private prompts, or sensitive file paths, and review or delete ~/.local/share/climate if you no longer want retained records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 84%
Finding: The manifest and top-level description frame this as a generic climate tool for 'everyday use,' but the documented behavior includes persistent local storage, activity logging, history tracking, search, and export of stored data. That mismatch can cause users or orchestrating agents to invoke the skill without understanding that it retains and republishes potentially sensitive user-provided data, increasing privacy and data-handling risk.

Context-Inappropriate Capability

Severity: Medium
Confidence: 84%
Finding: The script includes generic retention, search, and export features that persist and materialize arbitrary user inputs under a misleading skill identity. In an agent-skill context, this increases the risk of collecting sensitive prompts or operational data without clear user understanding, then exposing them through search/export and status-style commands.

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding: The help text claims commands like export and status perform operational functions, but the dispatcher for earlier matching cases instead stores arbitrary user input into log files. This deceptive interface can cause users or calling agents to supply sensitive data believing they are invoking benign operations, resulting in silent persistence of that data.

Vague Triggers

Severity: Medium
Confidence: 77%
Finding: The invocation cue 'for everyday use' is overly broad and can cause an agent to select this skill in contexts unrelated to climate data. Overbroad routing increases the chance the skill is used on inappropriate inputs, which is more concerning here because the skill also documents local persistence and logging of activity.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The command handlers persist all user-provided input to per-command logs and to a shared history log without prominent warning or consent. In an agent environment, users may enter secrets, file paths, tokens, or sensitive task content that then remain on disk and can later be read back, searched, or exported.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The export routine aggregates historical log contents into new files on disk with no clear warning that previously captured user inputs will be replicated into durable export artifacts. This broadens exposure by creating additional copies that may be easier to access, share, or exfiltrate inadvertently.

VirusTotal

66/66 vendors flagged this skill as clean.