Invoice verification rule management and maintenance skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate validation-rule administration skill, but it can change or delete remote business rules without built-in confirmation safeguards.

Install only if you intend to let an agent administer this validation-rule system. Use a least-privileged token, prefer a test environment first, use HTTPS where possible, avoid storing privileged tokens in broadly discoverable config.json files, and manually confirm every create, update, enable, disable, or delete action before it runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: High
Confidence: 93%
Finding
The trigger description is overly broad and includes natural-language examples like '帮我创建一条规则' ("help me create a rule") and '查一下场景列表' ("check the scene list"), which can cause the skill to activate on ambiguous user requests without clear confirmation. Because this skill can perform state-changing operations such as create, delete, enable, and disable, over-triggering raises the risk of unintended administrative actions.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The documentation instructs users to run installation and operational commands, including npm install and later delete/enable/disable actions, without clearly warning about local environment changes or remote system impact. In an agent context, this can lead to unreviewed package installation or unintended destructive actions against live services, especially since the base URL points to a network service and the commands are presented as routine setup.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The delete command directly invokes the backend deletion API as soon as an `id` is provided, with no visible confirmation, dry-run, or safeguard against accidental execution. In a management skill that encourages natural-language triggering for administrative actions, this increases the chance of unintended destructive operations and can lead to irreversible configuration loss or service disruption.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The examples include destructive commands (`delete-rule`, `delete-scene`) without any warning that these actions are irreversible or should be confirmed before execution. In an agent skill context, users may copy examples verbatim or the agent may suggest them directly, increasing the chance of accidental production data deletion.

VirusTotal

65/65 vendors flagged this skill as clean.