ClawHub

Ima Skills 1.0.4

Security checks across malware telemetry and agentic risk

Overview

This is a real personal-notes integration, but its broad activation and write access to private notes need user review before installation.

Install only if you want an agent to access and modify your IMA personal notes. Use explicit prompts for searches and writes, review the target notebook or note and the exact content before any create or append action, and avoid enabling it where vague requests like “save this” or “I wrote something before” could be misinterpreted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The UTF-8 section instructs the agent to read arbitrary local files (`tmpfile`) and ingest content from external sources like WebFetch before sending it to the note API. That broadens the skill from note management into generalized file/content exfiltration and creates a path for unintended disclosure of local or fetched sensitive data into a third-party service.

Vague Triggers

High
Confidence
96% confidence
Finding
The trigger conditions are overly broad and include common conversational phrases such as '帮我记一下' and references to having written something before. This can cause the skill to activate on ambiguous requests and perform note searches or writes without the user clearly intending to access or modify their notes, increasing the risk of privacy-impacting actions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill supports creating and appending to user notes but does not require an explicit confirmation step before performing those state-changing actions. That makes accidental or misunderstood requests more likely to result in persistent data modification in the user's personal note store.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger guidance is broad enough that ordinary phrases about remembering, saving, or prior writing could invoke the skill even when the user did not clearly intend note access. In a privacy-sensitive note service, over-broad activation can cause unintended searches, listing of notebooks, or retrieval of personal content, which materially increases the risk of unauthorized disclosure within the conversation context.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The phrase '导入笔记' is underspecified because it does not constrain the source content, destination notebook, or whether the user is authorizing creation of a new note from the current conversation. That ambiguity can lead the agent to persist content unexpectedly, creating privacy, integrity, and user-consent risks through accidental note creation.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill exposes write-capable operations that create notes and append to existing notes, but the documentation does not require an explicit confirmation or warning before performing these state-changing actions. In an agent setting, this makes accidental or socially engineered persistence of sensitive or incorrect content more likely, especially because notes are long-lived personal data.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal