Huo15 Openclaw Mit 48h Learning Method

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed NotebookLM-based learning workflow that saves study outputs locally and sends user-chosen materials to NotebookLM, with no evidence of hidden, destructive, or deceptive behavior.

Install only if you are comfortable using Google NotebookLM for this workflow. Do not upload confidential documents or paste sensitive answers unless you intend to send them to NotebookLM and keep local markdown copies under the configured knowledge directory. Consider setting MIT_LEARN_KB_DIR to a private location and periodically deleting old exports if the machine is shared, synced, or backed up.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding
The script writes prompts, model outputs, notebook IDs, topic names, and timestamps to local files under the user's home directory. That creates an unadvertised persistence layer for potentially sensitive study material or user-entered answers, expanding data retention beyond transient workflow execution and increasing exposure if the host is shared, backed up, or later compromised.

Vague Triggers

Medium
Confidence: 82%
Finding
The trigger conditions are very broad, covering generic requests about learning, study aids, AI-assisted knowledge building, and common terms like '48小时学习' or 'NotebookLM'. Overbroad triggers increase the chance of unintended invocation, causing the skill to activate in contexts where users did not expect external uploads, persistent storage, or automated workflow actions.

Vague Triggers

Medium
Confidence: 89%
Finding
Several aliases are highly generic, including terms like 'MIT学习法', '48小时学习', and 'context-stacking', which are broad concepts rather than unique identifiers. This raises invocation-collision risk, where unrelated user requests may resolve to this skill and trigger networked or persistent behaviors unexpectedly.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation states that prompts, responses, and generated outputs are automatically saved and exported, but it does not provide a clear privacy warning or informed-consent step. Because users may enter study notes, proprietary materials, or sensitive answers, silent persistence to local knowledge-base files materially increases privacy and data-handling risk.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script uploads local files, URLs, and YouTube sources to a remote NotebookLM service without an explicit consent or privacy notice at the point of transmission. Users may inadvertently send proprietary documents, personal data, or confidential research materials off-device, which is especially risky because this skill encourages broad source aggregation as part of its workflow.

Missing User Warnings

Medium
Confidence: 92%
Finding
The query wrapper sends user prompts and follow-up answers to a remote service, which can include free-form sensitive data such as proprietary insights, personal notes, or confidential responses. Because the skill frames follow-up diagnosis as an interactive learning loop, users may disclose more detail than they realize without being warned that the content leaves the local machine.

Ssd 3

Medium
Confidence: 96%
Finding
The skill instructs saving all prompts and responses into a shared knowledge-base path, which can capture sensitive user-provided content in plain text. In a learning workflow, users may paste proprietary documents, internal notes, credentials by mistake, health/education records, or exam materials; persistent logging increases the chance of later disclosure, lateral access by other local users/processes, or accidental syncing/backups.

Ssd 3

Medium
Confidence: 94%
Finding
The repeated normalization of automatic export to local knowledge repositories encourages persistent retention of generated artifacts without emphasizing security boundaries. This is dangerous because exported files may contain source excerpts, user answers, synthesized summaries of confidential material, or other sensitive content that can be exposed through local sharing, backups, indexing, or sync tools.

VirusTotal

63/63 vendors flagged this skill as clean.
