export-conversation-summary

Security checks across malware telemetry and agentic risk

Overview

This skill locally exports a Claude Code conversation to markdown as advertised, but the generated file can contain sensitive chat, project, command, and metadata details.

Install this only if you intentionally want detailed local conversation exports. Before sharing, uploading, or committing the generated markdown, review it for secrets, private code, personal data, internal file paths, command history, and unintended session content; also confirm the selected JSONL file if multiple Claude Code sessions are active.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The skill’s stated purpose is transcript export, but it additionally instructs the agent to score and critique both the user and the model. That expands processing of sensitive conversation data beyond the user’s likely expectation and creates unnecessary profiling content that may be stored on disk alongside the transcript.

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The skill directs use of a general-purpose agent with broad tool access to perform a task that mainly requires reading a known file and writing markdown. Over-privileging increases the blast radius if the parsing prompt is subverted or if the agent accesses unrelated files, tools, or network resources during export.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill exports the full conversation to disk without any explicit warning, confirmation, or redaction step for secrets and personal data. Conversation logs commonly contain credentials, proprietary code, internal paths, command history, or other sensitive context that becomes easier to leak once written to a markdown file.

Ssd 3

High
Confidence: 98%
Finding
The skill explicitly instructs export of the full conversation log, including user content, assistant responses, model operations, and metadata, into plain markdown. This materially increases the risk of disclosing sensitive user data and internal operational details because the output is durable, portable, and easy to share or commit accidentally.

Ssd 3

High
Confidence: 98%
Finding
The template requires extraction of ALL user and assistant messages in chronological order and preservation of original content, which can capture passwords, API keys, private prompts, proprietary code, and confidential troubleshooting details verbatim. Because the task is to create a reusable transcript file, any sensitive material becomes easier to retain, index, and exfiltrate.

Ssd 3

Medium
Confidence: 95%
Finding
Including commands executed, files accessed, searches, agents used, and token usage exposes internal behavior and project structure that may be sensitive even when message text is innocuous. This operational metadata can reveal repository layout, developer workflows, system details, and other context useful to an attacker or inappropriate for broad sharing.

VirusTotal

64/64 vendors flagged this skill as clean.
