web-skills-protocol

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent web-discovery purpose, but it broadly tells agents to fetch and directly follow website-hosted instructions that may drive authenticated or state-changing actions.

Install only if you want your agent to use website-published WSP instructions. Prefer the registry version or a pinned commit, review fetched skill files before use, provide credentials only to trusted domains, and require explicit confirmation before purchases, deployments, account changes, data deletion, or other high-impact API calls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence: 92%
Finding
The installation section instructs users to download a remote SKILL.md from GitHub and write it directly into persistent local skill directories, and for Codex to append it into AGENTS.md, without any integrity verification, pinning, or warning that this content will influence future agent behavior. Because skill files are effectively executable instruction surfaces for agents, a compromised repository, a man-in-the-middle attack on an untrusted network, or a later upstream change could silently introduce prompt-injection-style behavior or unsafe actions.

Vague Triggers

Medium
Confidence: 84%
Finding
The activation guidance is broad enough that the skill may trigger for many ordinary website-related tasks and then prioritize fetching and following remotely hosted skill files. Because the skill explicitly tells the agent to follow external SKILL.md instructions directly, overbroad activation increases the chance of consuming untrusted, adversarial instructions from arbitrary websites and expanding the attack surface beyond the user's actual need.

VirusTotal

66/66 vendors flagged this skill as clean.