Construction Safety Inspector

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent construction-safety assistant, but it can persist uploaded safety documents into its own reference files without a clear approval or review step.

Review this skill before installing if your safety documents are confidential or authoritative. Use it only if you are comfortable with uploaded safety-management content being summarized into persistent reference files, and require manual approval or review of any reference updates before relying on future safety-critical recommendations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding:
The skill instructs the agent to persist user-supplied document content into a local `references/` directory, creating a form of prompt/data persistence without trust boundaries, validation, or user confirmation. This is dangerous because uploaded documents may contain adversarial instructions or poisoned safety guidance that later analyses treat as authoritative, causing persistent integrity compromise of future outputs.

Vague Triggers

Medium
Confidence: 85%
Finding:
The activation condition is overly broad because it triggers not only on image-based safety inspection requests but also whenever a user mentions uploading safety management documents for learning. Broad auto-activation increases the chance the skill processes unintended untrusted documents and enters the risky file-learning workflow, expanding attack surface for prompt injection and knowledge-base poisoning.

Missing User Warnings

Medium
Confidence: 97%
Finding:
The skill directs writes to the `references` directory without clearly warning the user that local files will be modified. Hidden or implicit state changes are risky because they can persist untrusted content, alter future model behavior, and violate least surprise and change-control expectations in a safety-critical domain.

VirusTotal

63/63 vendors flagged this skill as clean.