ClawHub

Conversation Distill

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only note-distillation skill that may inspect the current conversation and optionally write approved summaries to a notes tool, with no executable code or requested permissions.

Install only if you are comfortable with the agent reviewing the current conversation for takeaways. Use “skip” or “don’t save” when you do not want a reminder, and only say “write” or “save” after checking the proposed notes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The README presents inconsistent activation semantics: it says the skill only asks at the natural end or on explicit request, but also describes it as a closing ritual that scans the full session and proceeds through a structured flow for every meaningful conversation. This ambiguity can cause users or integrators to misunderstand when the skill activates and what data it processes, increasing the risk of unintended full-session analysis and downstream note-writing workflows.

Description-Behavior Mismatch

Low
Confidence
80% confidence
Finding
The trigger phrase list broadens activation language beyond the narrower conditions in the skill metadata, especially by listing generic closings and a manual command without the same gating language about substantive content. That mismatch can lead to over-triggering or user surprise, which is risky for a skill that scans entire conversations for extractable content.

Vague Triggers

Medium
Confidence
93% confidence
Finding
Using very common conversational closings like 'thanks', 'got it', or 'done for now' as triggers is overly broad and can invoke the reminder unexpectedly in ordinary chats. In this skill's context, unexpected invocation is more sensitive because the feature scans the full session and may prompt users around preserving decisions, judgments, or personal observations they did not intend to distill.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal