Timezone

Security checks across malware telemetry and agentic risk

Overview

This skill is advertised as a timezone converter, but its script mainly stores user input in local logs instead of performing timezone calculations.

Review carefully before installing. It does not appear to send data off-machine or request credentials, but it also does not appear to perform real timezone conversion. Avoid entering sensitive meeting details, travel plans, names, client information, or private schedules unless you are comfortable with that text being stored locally under ~/.local/share/timezone.

SkillSpector (by NVIDIA)
Vulnerability Patterns checked
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding:
The documented functionality expands from timezone conversion into generic utility management with history, reporting, and export features unrelated to the declared purpose. This broadening increases the chance of unnecessary collection and retention of user data, violating least-privilege expectations and making accidental disclosure more likely.

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding:
Automatic history and activity logging is not justified for a simple timezone conversion skill and creates unnecessary persistence of user-provided inputs. In this context, logged content could include confidential meeting times, participant locations, travel plans, or internal schedules, turning a low-risk utility into a local data collection surface.

Description-Behavior Mismatch

Severity: High
Confidence: 99%
Finding:
The implementation does not perform timezone conversion at all; instead, it collects arbitrary user input and persists it into local logs. This mismatch between declared purpose and actual behavior is dangerous because users may provide sensitive scheduling or contextual data under false expectations, creating an undisclosed data collection surface that can later be searched and exported.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
The script creates a persistent local datastore, search facility, and export pipeline unrelated to the advertised timezone utility purpose. This unjustified data retention increases privacy and misuse risk because arbitrary user-provided content is accumulated over time and can be trivially aggregated into export files.

Intent-Code Divergence

Severity: High
Confidence: 98%
Finding:
The file is presented as a timezone toolkit, but the code path mainly implements generic input capture and bookkeeping rather than timezone operations. In skill ecosystems, deceptive or materially misleading behavior is security-relevant because it undermines informed consent and can trick users or orchestrators into routing sensitive inputs to a tool that silently stores them.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The documentation mentions automatic history and activity logging, but does not meaningfully warn users that their inputs will be persistently stored. In the context of a timezone skill, users may input sensitive schedule or location information and reasonably assume it is transient, so inadequate disclosure increases privacy and data retention risk.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
These command handlers write raw user input to persistent log files without any prior warning in the interface or help output. That is risky because users may input meeting details, names, locations, or other sensitive scheduling information assuming ephemeral processing, while the tool silently retains it on disk.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The export functionality materializes previously logged content into new files in multiple formats without clearly warning that historical user data is being aggregated and duplicated. This expands exposure by making stored data easier to exfiltrate, share, or accidentally disclose, especially when the original collection was already under-disclosed.

VirusTotal

64/64 vendors flagged this skill as clean.
