Deep Reading

Security checks across malware telemetry and agentic risk

Overview

This is a coherent reading and note-taking skill, with disclosed local note persistence and optional memory/cron workflows that users should enable deliberately.

Install this if you want an agent to create and update local reading notes. Use it only with books and excerpts you are comfortable saving, review generated notes before feeding them into memory tools, and only configure the cron template if you want recurring autonomous updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium, 90% confidence
Finding
The skill's workflow expands from reading notes into writing to `memory/YYYY-MM-DD.md`, which is outside the narrow scope implied by a reading assistant. This broadens where model-generated content is stored and can cause unintended persistence of sensitive text, user annotations, or copyrighted excerpts into a separate memory pipeline without clear consent boundaries.

Context-Inappropriate Capability

Medium, 92% confidence
Finding
Long-term memory integration is not necessary for a text-reading assistant and creates persistent storage of derived insights and potentially source excerpts across sessions. This increases data retention risk, widens the blast radius of prompt injection or sensitive-content capture, and may conflict with user expectations about ephemeral reading help.

Vague Triggers

Medium, 88% confidence
Finding
Broad trigger phrases, such as everyday reading-related terms, can cause accidental invocation in unrelated conversations, activating file-based workflows or write operations when the user did not intend to use this skill. In context, that matters because the skill is designed to inspect and update local note files, so unintended activation can lead to unwanted file access or modifications.

Missing User Warnings

Medium, 93% confidence
Finding
The skill documents automatic creation and updating of local files without a clear upfront warning or consent checkpoint. This is dangerous because users may invoke what appears to be a conversational reading assistant and unexpectedly have persistent files created or modified in their workspace, potentially overwriting notes or storing sensitive material.

VirusTotal

66/66 vendors flagged this skill as clean.
