Escalation Brief Writer

Security checks across malware telemetry and agentic risk

Overview

This skill is a local escalation-brief drafting helper, with disclosed Python-based file input/output and no evidence of network access, credential use, persistence, or destructive behavior.

Install if you are comfortable with a local python3 helper reading the file or text you give it and optionally writing a generated Markdown or JSON brief. Do not feed it unredacted customer, incident, or personal data unless that is appropriate for your workspace, and review the generated brief before sending or publishing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 89%
Finding: The skill advertises no declared permissions, yet its instructions explicitly allow running `python3` and consuming local files such as templates and specs, which implies shell execution and file read/write capability. This creates a transparency and governance gap: users and platforms may trust the skill as low-risk while it can access or transform local data and invoke code.

Description-Behavior Mismatch

Severity: High
Confidence: 95%
Finding: The dispatch logic enables multiple audit/scanning modes far beyond the advertised purpose of drafting escalation briefs. This capability expansion can cause users or higher-level systems to grant the skill access to local directories, CSVs, repositories, or other skill packages under a misleading description, increasing the risk of unintended data exposure and scope abuse.

Context-Inappropriate Capability

Severity: High
Confidence: 93%
Finding: The code performs directory enumeration, file sampling, markdown heading extraction, CSV inspection, and regex-based pattern scanning, which are unrelated to simple brief writing. In the context of a skill presented as a writing aid, these hidden analysis features are dangerous because they can inspect broader local content than users reasonably expect, potentially surfacing sensitive filenames, headings, secrets, or internal URLs in generated output.

Context-Inappropriate Capability

Severity: High
Confidence: 91%
Finding: The skill can audit another skill package's file structure and parse SKILL.md frontmatter, which is outside the stated purpose of escalation brief generation. While not inherently exploit code, this hidden inspection capability broadens the trust boundary and may expose metadata, package layout, or internal review artifacts without users realizing the skill performs package auditing.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding: The trigger examples are broad natural-language phrases such as '帮我写一份升级说明' ("help me write an escalation note") and especially '减少来回追问' ("reduce back-and-forth follow-up questions"), which can overlap with ordinary conversation and unintentionally activate the skill in unrelated contexts. In an agent environment, overly generic routing phrases can cause the skill to process content it was not meant to handle, increasing the risk of misrouting sensitive user data into a structured escalation workflow.

VirusTotal

66/66 vendors flagged this skill as clean.