ClawHub

Cat Therapy

Security checks across malware telemetry and agentic risk

Overview

This cat-relaxation skill is mostly coherent, but it ships with leftover user-specific preference data and stores custom photos or sounds in a shared local file with weak privacy boundaries.

Review or delete user_cats.json before installing. Only use custom photo or sound features if you are comfortable with that media being stored in the skill directory and reused in chat platforms; check how your OpenClaw environment scopes skill files between users or workspaces.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

High
Confidence
94% confidence
Finding
The Chinese trigger phrases are very broad everyday expressions such as '休息一下' and '累了', which can easily appear in normal conversation without the user intending to invoke this skill. In a multi-skill or always-listening assistant environment, this can cause unsolicited activation, unexpected outbound messages, and reduced user control over when the skill runs.

Vague Triggers

High
Confidence
95% confidence
Finding
The English triggers include common phrases like 'tired', 'stress', and 'relax', which are likely to occur in ordinary chat and are not unique commands. This makes accidental triggering more likely across supported messaging platforms, especially because the skill is designed to auto-send media and audio as a response.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README says user-uploaded cat photos and audio can be saved and reused, but gives no notice about storage, retention period, deletion behavior, or who can access the content. Because these are user-provided media files and voice samples that may be personally identifying, the lack of transparency and consent controls creates privacy and compliance risk.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger design is overly broad for a cross-platform auto-send skill, so ordinary phrases like being tired or wanting to relax can unintentionally activate external media sending and preference-related flows. In chat environments this can cause unexpected outbound actions, accidental data processing, and user confusion at scale.

Vague Triggers

Medium
Confidence
95% confidence
Finding
Single-word triggers such as 'stress', 'relax', and '喵' are highly ambiguous and likely to appear in normal conversation, making accidental activation even more probable. Because the skill can send media, call TTS, and use stored preferences, this ambiguity increases the chance of unintended processing or transmission.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill supports user-uploaded images and multi-platform delivery, but it does not clearly warn users that their provided media may be transmitted to external platforms or fetched from external services. This omission undermines informed consent and can expose personal photos or identifiers beyond what a user expects from a casual wellness feature.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal