ClawHub

Decomposes complex user requests into executable subtasks, identifies required capabilities, searches for existing skills at skills.sh, and creates new skills when no solution exists. This skill should be used when the user submits a complex multi-step request, wants to automate workflows, or needs help breaking down large tasks into manageable pieces.

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but it can expand the agent by finding, creating, and globally installing other skills with weak review boundaries.

Install only if you want a meta-skill that can search for and propose new agent capabilities. Review every discovered or generated skill before installing it, avoid `-g -y` auto-confirm global installs, prefer trusted and pinned sources, and require explicit confirmation before handling credentials, scheduled jobs, or external service changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README advertises searching external skill registries, installing skills, and automatically creating new skills, but provides no warning about privacy exposure, trust boundaries, or the risks of executing or installing unreviewed third-party code. In this context, users may supply sensitive task descriptions and the agent may interact with external services or generate/install capabilities without explicit consent, increasing the chance of data leakage or supply-chain compromise.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README instructs users to install and use a skill that can search for and create additional skills, but it does not warn that installation and generated skills may introduce code execution, filesystem changes, or other side effects. In the context of an agent skill ecosystem, this omission is security-relevant because users may treat the workflow as low-risk automation when it can expand the agent's capabilities and implicitly trust unreviewed external code.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The skill description says it should be used for broadly defined cases like any 'complex multi-step request' or when the user 'needs help breaking down large tasks,' which can cause over-invocation. In practice this increases attack surface because the skill may activate on sensitive requests and then proceed into capability discovery, external skill search, and potential skill creation without sufficiently narrow gating.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal