get-to-know-you

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it needs review because it collects personal/work profile details and can persistently change files that shape future agent behavior.

Install only if you want the agent to build a durable profile from your work details and preferences. Avoid sharing confidential personal or organizational information, review any proposed changes before they are written, and back up or monitor AGENTS.md, SOUL.md, MEMORY.md, USER.md, and TOOLS.md so unwanted profile entries can be removed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

High
Confidence: 91%
Finding
The skill's trigger conditions are so broad that ordinary conversation or post-install behavior can initiate profile collection without a narrowly scoped user request. In context, this is dangerous because the collected data is intended to be persisted into configuration and memory files, increasing the chance of silent overcollection and unwanted retention of personal or work-sensitive information.

Vague Triggers

High
Confidence: 93%
Finding
Passive collection of 'unrecorded preferences mentioned in daily conversations' is ambiguous and encourages surveillance-like behavior outside a clearly bounded task. Because the skill then proposes syncing that information into persistent files, users may inadvertently disclose sensitive workplace habits, reporting structures, or preferences that become stored long-term.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill advertises automatic updates to configuration files but does not present a clear upfront warning that persistent file modifications will occur. Hidden or insufficiently disclosed persistence is a security concern because it can alter future agent behavior and store personal data without informed consent.

Missing User Warnings

Medium
Confidence: 89%
Finding
The script persistently stores users' answers in a progress file during collection without an explicit, informed warning at the point of capture. Because the questions are designed to gather work background, habits, and preferences, the stored data may include sensitive personal or organizational information that could later be exposed to other tools, users, or processes in the workspace.

Missing User Warnings

Medium
Confidence: 92%
Finding
The function appends user-supplied information into workspace markdown files, which creates persistent modification of project state without an explicit warning or confirmation. In this skill's context, those files appear to shape future agent behavior and memory, so unreviewed writes can leak sensitive data, poison agent context, or create durable prompt-injection content for later runs.

VirusTotal

66/66 vendors flagged this skill as clean.
