Ima Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent IMA notes and knowledge-base integration, but users should understand it can read private notes, modify remote content, and upload selected files using IMA/Tencent cloud credentials.

Install only if you want an agent to access and manage your IMA notes and knowledge bases. Protect the Client ID/API key and temporary COS credentials, confirm the exact destination before any upload or append, and avoid uploading files or URLs you do not want sent to IMA/Tencent COS.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

High (95% confidence)
Finding
The trigger phrases are broad enough to match common requests like '帮我记一下' or generic file/document actions, which can cause this skill to activate on unintended prompts. Because the skill can read local credential files and perform authenticated write/search operations against a remote knowledge service, over-triggering increases the chance of unintended data access, persistence, or external transmission.

Missing User Warnings

Medium (96% confidence)
Finding
The documentation explicitly instructs clients to display raw server-provided errmsg values directly to users. Raw backend error strings can contain internal implementation details, identifiers, policy signals, or unexpected reflected input, which can leak sensitive information and increase reconnaissance value for attackers. In a knowledge-base skill that handles uploads, permissions, and downstream integrations, this guidance is more dangerous because failures may involve auth, storage, or content-scanning systems.

VirusTotal

65/65 vendors flagged this skill as clean.
