Mood Tracker

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a legitimate mood tracker, but it stores sensitive mood and journal data locally without enough disclosure or privacy controls.

Review this skill carefully before installing if you share your machine, sync your home directory to cloud backups, or may write private mental-health details. Confirm exactly where it stores mood logs and journal files, how to delete them, and whether file permissions are restricted before using it for sensitive entries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 80%
Finding: The skill advertises local data storage and exposes commands such as log and journal, which imply file-writing behavior, but the manifest does not declare any permissions or storage scope. That mismatch can undermine security review and user expectations, especially because the skill handles sensitive mental-health-related personal data.

Vague Triggers

Medium
Confidence: 67%
Finding: The description uses broad phrasing like 'Use when you need Mood Tracker capabilities,' which does not clearly constrain when the skill should be invoked. Overly broad invocation language can cause the agent to select the skill in loosely related contexts and expose sensitive personal information to a tool that stores user data locally.

Missing User Warnings

Medium
Confidence: 93%
Finding: The script stores highly sensitive mental health data in predictable local files under the user's home directory without any notice, consent flow, retention guidance, or access-control hardening. In the context of a personal wellness tool, users may reasonably disclose intimate emotional information, making undisclosed persistence a real privacy risk if the device is shared, backed up, or later accessed by other local processes or users.

Missing User Warnings

Medium
Confidence: 95%
Finding: The journal feature appends arbitrary free-text entries to a dated markdown file without warning the user that private reflections will be permanently written to disk. Because free-text journal content can contain far more sensitive details than numeric mood scores, the lack of disclosure and privacy controls is especially risky in a mental-health tracking skill.

VirusTotal

60/60 vendors flagged this skill as clean.
