Security audit

Megan

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed study and Obsidian note-management skill, with local file-writing features users should invoke deliberately.

Install only if you want an assistant that can maintain files under ~/obsidian-vault/shutong/. Keep backups, use explicit prompts for create/delete/export actions, and review any reminders or exported files before relying on or sharing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

High
Confidence: 97%
Finding
The trigger list contains many common everyday phrases such as “提问”, “追问”, “找到”, and exam-related phrases that are likely to appear in normal conversation. This can cause the skill to activate unexpectedly and then perform file-backed note, planning, or search workflows the user did not explicitly request, increasing the chance of unintended data access or modification.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill states that notes may be created or deleted and that `MOC.md` is automatically updated, but it does not say that these are data-modifying operations requiring explicit user approval. In a vault-integrated skill, silent writes or deletes can alter the user's knowledge base unexpectedly, especially when combined with broad triggers and automation.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill advertises batch export, PDF/zip generation, and document-management features without warning the user that files may be generated, reorganized, or stored in the vault. These actions are not inherently malicious, but in this context they can create unexpected artifacts, consume storage, expose sensitive notes through exports, or modify document organization without informed consent.

VirusTotal

64/64 vendors flagged this skill as clean.