Zen Koan Daily

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its stated Zen koan purpose, but its image workflow crosses into an undeclared external skill command and its external-service and persistence behavior is not clearly scoped for users.

Review before installing. Prefer explicit /koan commands, avoid sending personal or sensitive reflections through the personalized/web/image/TTS paths, and do not allow the generated image command to run automatically unless you have reviewed the separate YumFu script and are comfortable with its Gemini/API data flow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill performs file reads and writes, including writing lecture text to /tmp, saving MP3/PNG outputs, and updating a progress-tracking file, but it declares no corresponding permissions. This creates a transparency and policy gap: users and the host agent may authorize the skill without understanding that it persists data and touches the filesystem.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The README states that the skill uses external services (LLM, Google Gemini API, Edge TTS, optional web search) and stores progress/history, but it does not clearly warn users that prompts or content may be transmitted to third parties or that delivery history is persisted locally. This creates a real transparency and privacy issue: users may unknowingly send sensitive spiritual queries or usage patterns to external providers and retain state without informed consent.

Vague Triggers

Medium
Confidence
89% confidence
Finding
Broad conversational triggers like '禅宗' or 'zen koan' can cause unintended invocation during ordinary discussion, leading the agent to run generation steps, write files, and potentially use external tools without clear user intent. In this skill, accidental activation is more concerning because invocation can cascade into TTS generation, image generation, and persistence.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The skill description does not clearly warn users that web search may be used to generate content, which weakens informed consent and can unexpectedly expose prompts or contextual data to external services. While the search use is optional and not obviously harmful, undisclosed network access is still a real security and privacy concern.

Missing User Warnings

Low
Confidence
94% confidence
Finding
The skill writes generated media to persistent storage and tracks delivery history in a progress file, but this behavior is not prominently disclosed in the main description. Undisclosed persistence can surprise users, leak usage patterns, and create retention issues, especially in shared or managed environments.

VirusTotal

No VirusTotal findings
