火一五 Knowledge Base Skill (Karpathy)

Security checks across malware telemetry and agentic risk

Overview

This knowledge-base skill is coherent, but it can persist and sync user content to Odoo and includes broad triggers and deletion instructions without clear confirmation safeguards.

Install only if you want the agent to save selected content into local memory and potentially your company Odoo knowledge base. Use a least-privilege Odoo account, review content before syncing, and require explicit confirmation before creating, merging, or deleting knowledge entries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 95%
Finding:
The trigger phrases are broad enough to match ordinary conversational language such as '记一下' ("note this down") or '更新知识库' ("update the knowledge base"), which can cause the skill to activate when the user did not clearly consent to persistent storage. In this skill's context, unintended activation is more dangerous because the workflow explicitly writes captured content to local memory and synchronizes it to an external Odoo knowledge base, creating privacy and data-governance risk.

Missing User Warnings

Medium
Confidence: 98%
Finding:
The skill description does not warn users that captured content may be written to the local memory directory and then synced to Odoo, so users may disclose sensitive information without informed consent. This is especially risky here because the skill is designed for knowledge capture from conversations, documents, and emails, all of which may contain confidential or personal data.

VirusTotal

66/66 vendors flagged this skill as clean.