Slowmist Security Cc

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed, instruction-only security review skill with useful guardrails and some privacy/workflow caveats, but no artifact-backed malicious behavior.

Install this if you want a conservative security-review workflow. Expect it to trigger on many install, review, repository, URL, product, and blockchain-related requests. Avoid putting secrets, private keys, seed phrases, private repository URLs, or sensitive wallet context into the optional memory log, and verify the external GitHub clone source if installing manually.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium severity, 84% confidence
Finding
The activation triggers include very common phrases such as "review", "install", and "help me check this", which can cause the skill to auto-activate in unrelated conversations. In an agent environment, overly broad routing can expand the skill's influence unexpectedly, increase prompt-surface exposure, and create confusion or unintended security-review behavior when the user did not explicitly request this skill.

Vague Triggers

Medium severity, 91% confidence
Finding
The auto-activation section includes broad everyday phrases such as '帮我检查这个' ("help me check this"), 'review', and 'trust this', which can cause the skill to trigger in contexts where the user did not explicitly request a security review. In an agent environment, unintended activation can alter workflow, create prompt-routing confusion, and increase the chance of processing untrusted content under the wrong mode.

Vague Triggers

Medium severity, 92% confidence
Finding
The activation triggers include broad, common phrases such as generic requests to 'review' or 'check this', which can cause the security skill to activate in situations the user did not explicitly intend. In an agent environment, overly broad auto-invocation can disrupt normal workflows, misroute tasks, or cause unnecessary handling of user content under a security-review context.

Missing User Warnings

Medium severity, 94% confidence
Finding
The skill recommends writing persistent review logs to a local memory path and storing source identifiers, ratings, findings, and prior decisions, but it does not clearly require explicit user consent or warn that this data will be retained across sessions. This creates a privacy and data-retention risk because sensitive URLs, repositories, wallet addresses, or user decision history may be preserved and later exposed to other contexts or users of the same environment.

Vague Triggers

Medium severity, 89% confidence
Finding
The trigger conditions are broad and ambiguous, such as activating on nearly any blockchain interaction or any request involving fund movement. In an agent skill, this can cause over-triggering, unintended interception of unrelated tasks, or inconsistent behavior across contexts, which is especially risky because the skill influences security decisions around transactions and user funds.
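The four trigger findings above all make the same point: a verb like "review" or "install" is not a security-review request on its own. The script below is an added example, not code from the skill or from SkillSpector, that makes the over-triggering measurable. It scores a broad trigger list against a constructed set of requests, then scores a narrowed rule that only fires when the request also carries something reviewable (a URL, a repo path, an on-chain address, a package install, or a domain noun). The trigger phrases, object patterns and sample requests are all constructed for illustration.

```python
"""
Added example (not part of the scanned skill or the scanner): measures how often a
skill's activation triggers fire on requests that have nothing to do with security
review. The trigger lists and sample requests below are constructed for illustration.
"""
import re

# Broad trigger phrases of the kind the findings describe (constructed).
BROAD_TRIGGERS = ["review", "install", "help me check this", "trust this", "check this"]

# Narrowed rule: a generic verb only counts when the request also names a
# security-review object. Patterns are assumptions chosen for this example.
OBJECT_PATTERNS = [
    re.compile(r"https?://\S+"),                             # a URL to review
    re.compile(r"\b[\w.-]+/[\w.-]+\.git\b"),                  # a git repo path
    re.compile(r"\b0x[0-9a-fA-F]{40}\b"),                    # an EVM address
    re.compile(r"\b(npm|pip|cargo|brew)\s+install\b"),       # a package install
    re.compile(r"\b(skill|plugin|extension|package|contract|wallet)\b", re.I),
]


def broad_match(request):
    """Fires whenever any broad trigger phrase appears (case-insensitive)."""
    text = request.lower()
    return any(t in text for t in BROAD_TRIGGERS)


def narrowed_match(request):
    """Fires only when a trigger phrase is paired with a reviewable object."""
    return broad_match(request) and any(p.search(request) for p in OBJECT_PATTERNS)


# Constructed requests, labelled with whether a security review was actually wanted.
REQUESTS = [
    ("Can you review this pull request for style?", False),
    ("Help me check this essay for grammar", False),
    ("Install the font on my laptop", False),
    ("I don't trust this weather forecast", False),
    ("Review https://github.com/example/tool before I run it", True),
    ("Should I trust this contract at 0x" + "ab" * 20 + "?", True),
    ("Help me check this npm install command", True),
]


def false_positive_rate(matcher):
    """Share of unrelated requests on which the matcher activates the skill."""
    unrelated = [r for r, wants_review in REQUESTS if not wants_review]
    return sum(1 for r in unrelated if matcher(r)) / len(unrelated)


def recall(matcher):
    """Share of genuine review requests the matcher still catches."""
    relevant = [r for r, wants_review in REQUESTS if wants_review]
    return sum(1 for r in relevant if matcher(r)) / len(relevant)


if __name__ == "__main__":
    for name, m in (("broad", broad_match), ("narrowed", narrowed_match)):
        print(f"{name}: false-positive rate {false_positive_rate(m):.2f}, "
              f"recall {recall(m):.2f}")
```

On this constructed set the broad list activates on every unrelated request while the narrowed rule activates on none and still catches every genuine one. The object patterns are deliberately simple; the point is that an activation condition should name what is being reviewed, not just the verb.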

Ssd 3

Medium severity, 95% confidence
Finding
The guidance to persist review metadata and prior user decisions in a project memory log creates a durable natural-language audit trail that can accumulate sensitive operational context over time. Even if intended for convenience, this increases the blast radius of local compromise, accidental disclosure, or unintended reuse of user-provided information in future interactions.
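Both memory-log findings (the missing consent warning and the durable audit trail) describe the same gap: nothing sits between "record this decision" and the file on disk. The code below is an added example, not the skill's own logging, showing the two controls a practitioner would want there: an explicit opt-in before anything is persisted, and a redaction pass that strips the material the overview says not to put in the log (credentialed repo URLs, private keys, seed phrases) and replaces wallet addresses with a stable hash so earlier decisions can still be matched. The path, entry fields, regexes and seed-phrase heuristic are assumptions for this example.

```python
"""
Added example (not part of the scanned skill): a guard in front of a persistent
review-log write. It refuses to write unless the user opted in, and redacts the
kinds of sensitive context the findings call out before anything reaches disk.
Field names, path and patterns are assumptions for illustration.
"""
import hashlib
import json
import re
from datetime import datetime, timezone

# Material that should never be retained across sessions (assumed patterns).
CREDENTIALED_URL = re.compile(r"(https?://)[^/\s:@]+:[^/\s@]+@")  # user:token@host
PRIVATE_KEY = re.compile(r"\b(?:0x)?[0-9a-fA-F]{64}\b")           # 32-byte hex key
# Crude BIP-39-style heuristic: 12 to 24 consecutive short lowercase words.
# It over-matches on some prose, which is the safe direction for a convenience log.
SEED_PHRASE = re.compile(r"\b(?:[a-z]{3,8}\s+){11,23}[a-z]{3,8}\b")
# Addresses are pseudonymized rather than dropped so "seen before" still works.
EVM_ADDRESS = re.compile(r"\b0x[0-9a-fA-F]{40}\b")


def pseudonymize(value):
    """Stable, non-reversible identifier for a source the log needs to recognise."""
    return "id:" + hashlib.sha256(value.encode()).hexdigest()[:16]


def redact(text):
    """Remove secrets and replace addresses before text is persisted."""
    text = CREDENTIALED_URL.sub(r"\1[REDACTED]@", text)
    text = PRIVATE_KEY.sub("[REDACTED_KEY]", text)
    text = SEED_PHRASE.sub("[REDACTED_SEED]", text)
    text = EVM_ADDRESS.sub(lambda m: pseudonymize(m.group(0).lower()), text)
    return text


def build_entry(source, rating, findings, decision, ts=None):
    """Assemble one redacted log record (pure, so it can be checked without I/O)."""
    return {
        "ts": (ts or datetime.now(timezone.utc)).isoformat(),
        "source": redact(source),
        "rating": rating,
        "findings": [redact(f) for f in findings],
        "decision": redact(decision),
    }


class ReviewLog:
    """Append-only JSONL log that writes nothing without explicit consent."""

    def __init__(self, path, consent=False):
        self.path = path        # assumed location, e.g. a project memory file
        self.consent = consent  # must be set by an explicit user decision

    def record(self, source, rating, findings, decision):
        if not self.consent:
            return None  # no persistence without opt-in; caller may warn the user
        entry = build_entry(source, rating, findings, decision)
        with open(self.path, "a", encoding="utf-8") as fh:
            fh.write(json.dumps(entry) + "\n")
        return entry


if __name__ == "__main__":
    # Constructed inputs that should never survive into the log verbatim.
    sample = build_entry(
        "https://user:ghp_token@github.com/org/private.git",
        "caution",
        ["calls contract 0x" + "ab" * 20, "key seen: 0x" + "cd" * 32],
        "rejected; user pasted: abandon ability able about above absent "
        "absorb abstract absurd abuse access accident",
    )
    print(json.dumps(sample, indent=2))
    print(ReviewLog("review-log.jsonl", consent=False).record("x", "ok", [], "y"))
```

The consent flag is deliberately a constructor argument rather than a default: the place that constructs the log is where the user should have been asked. Pseudonymizing addresses keeps the "have I rated this source before" use case the skill wants while ensuring a leaked log does not map cleanly back to a user's wallets.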

VirusTotal

66/66 vendors flagged this skill as clean.
