zqtest

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local memory-graph skill, with the main caution that it intentionally persists shared workspace memory.

Install this only if you want a shared local memory graph in the workspace. Do not store raw passwords, tokens, or private secrets in it, review memory/ontology files periodically, be careful with broad “remember” requests, and verify the zqtest/ontology package identity before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill clearly documents write-capable behavior to workspace files (`memory/ontology/graph.jsonl`, `memory/ontology/schema.yaml`) and directory creation, but no explicit permissions declaration is present. That mismatch is a real security issue because it weakens policy enforcement and informed consent: an agent or reviewer may treat the skill as lower-risk than it is while it can persist or modify shared state.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The manifest describes ontology graph CRUD/query/state-sharing behavior, but this script also exposes schema authoring and merge capabilities through `schema-append`. That expands the skill's authority from operating on data to modifying validation rules and constraints, which can let callers weaken or redefine guardrails for other skills that rely on the schema, creating a form of policy/configuration injection and trust-boundary violation.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger phrases are broad (`remember`, `what do I know about`, `link X to Y`, entity CRUD, cross-skill data access), which increases the chance the skill activates in situations where the user did not intend persistent memory or graph mutation. In a memory-sharing skill, unintended activation is more dangerous than usual because it can silently write durable state or expose related entities across tasks and skills.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill states that it reads/writes local workspace files and creates the `memory/ontology` directory, but it does not prominently warn that using the skill modifies persistent workspace state. This is dangerous because users or orchestrators may invoke it expecting ephemeral reasoning, while it can leave durable artifacts, alter shared memory, or affect later skills through cross-skill state.

VirusTotal

65/65 vendors flagged this skill as clean.
