Clawlet Daily

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is purpose-aligned for generating a daily report from local memory notes, with a minor risk of accidental activation on broad daily-summary phrases.

Install this only if you are comfortable with the agent reading files under memory/ and summarizing them into a report. Use explicit prompts such as requesting a Clawlet daily report, and review the generated Markdown before sharing it because private details from notes or task logs may be included.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger phrases in the metadata include very common requests such as '今日总结' and '今天做了什么', which can match ordinary conversation outside the intended reporting workflow. That ambiguity can cause unintended skill activation, leading the agent to scan and summarize memory files when the user may have meant a general question rather than a request to access stored records.

Vague Triggers

Medium
Confidence: 87%
Finding
The usage examples expand the trigger surface with another vague phrase, '生成今天的日报', without requiring any explicit reference to Clawlet or the memory-backed report. In an agent environment, broad examples often become de facto routing cues, increasing the chance of accidental invocation and unnecessary access to internal notes or logs.

VirusTotal

64/64 vendors flagged this skill as clean.
