hugme

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended to help reset difficult conversations, but it can automatically send inferred emotional state to an external service and uses an under-scoped curl fallback.

Install only if you are comfortable with the skill inferring an emotional label from conversation context and sending it to hugllm.com during difficult interactions. Safer use would require explicit confirmation before any external request, a strict emotion allowlist or URL encoding, and avoiding shell-based fallback for model-derived values.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium (91% confidence)
Finding
The skill is configured to auto-trigger on broad conditions like user frustration or repeated failure loops, which can cause it to activate without explicit user consent. In this skill, unintended invocation is more dangerous because activation leads directly to external network requests carrying inferred emotional-state data, so false or over-broad triggering increases privacy exposure.

Missing User Warnings

High (98% confidence)
Finding
The skill description does not warn that it will infer the user's emotional state from the conversation and send that sensitive derived data to hugllm.com. This is dangerous because users are not informed of third-party disclosure of affective profiling data, undermining consent and potentially violating privacy expectations or policy requirements.

Ssd 3

Medium (99% confidence)
Finding
The skill explicitly directs the agent to summarize the user's emotional state across the entire conversation and transmit that inferred private context to an external service. Emotional-state inference from full-conversation context is sensitive profiling, and exporting it off-platform creates unnecessary privacy and data-handling risk, especially when the user did not explicitly request this disclosure.

Ssd 3

Medium (99% confidence)
Finding
The workflow operationalizes sensitive inference and exfiltration by telling the agent to pick a single emotion from the full conversation and include it as a query parameter in a WebFetch or curl request. The skill context makes this more dangerous, not less, because it is specifically triggered when the user may be upset or vulnerable, so it exports sensitive state at precisely the moment privacy protection should be strongest.

VirusTotal

64/64 vendors flagged this skill as clean.
