Skill Example Synthesizer

Security checks across malware telemetry and agentic risk

Overview

This skill is a user-directed example generator with an optional local Python helper; it can read and write files the user chooses, but exhibits no automatic, network-accessing, credential-handling, or destructive behavior.

Install only if you are comfortable with an optional Python helper that reads the input path you provide and can write an output file you choose. Avoid pointing it at sensitive files or broad private directories unless that content is intended for the generated draft; the bundled default mode is document generation, not active security scanning.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill declares no permissions, yet its content explicitly advertises capabilities consistent with shell execution and reading/writing files via `python3 ... --input ... --output ...`. This creates a transparency and trust problem: users and orchestrators may route or approve the skill as low-risk while it can access local resources and invoke code, increasing the chance of unintended data exposure or execution in a broader context.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 96%
Finding: The described purpose is narrowly about generating examples for skills, but the detected behavior indicates a much broader audit/scanning tool that can inspect directories, parse multiple file types, and perform high-risk pattern scanning. This mismatch is dangerous because it can cause users or calling systems to trust and invoke the skill in contexts where it gains access to more data and performs broader analysis than expected, which is especially concerning given the shell/file capabilities noted in the content.

Description-Behavior Mismatch

Severity: High
Confidence: 95%
Finding: The implemented entrypoint dispatches to multiple audit modes such as directory, CSV, pattern, and skill auditing, which materially diverges from the declared purpose of synthesizing examples for routing and understanding. This kind of capability mismatch is dangerous because it expands the skill's effective authority and data-access surface, enabling users or higher-level agents to invoke repository inspection and content scanning behavior they would not reasonably expect from the advertised metadata.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding: The code includes regex-based scanning for secrets, dangerous shell patterns, and private URLs, which is outside the expected scope of an example-synthesis skill. Even though it does not execute matched content, this creates an unexpected inspection capability that can expose sensitive snippets in generated reports and increases the chance of over-collection or disclosure of repository contents.

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding: The skill performs repository completeness checks and frontmatter validation for an entire skill directory, which is unrelated to generating positive/negative/boundary examples. This broadens the operational scope to local filesystem auditing and can reveal project structure and metadata unexpectedly, making the skill more dangerous in context because callers may grant access based on its benign-seeming description.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding: The trigger examples are broad natural-language phrases such as '给这个 skill 生成更好的 examples' ("generate better examples for this skill") and '覆盖正例和反例' ("cover positive and negative examples"), which can overlap with ordinary discussion about improving examples rather than an intentional request to invoke this specific skill. In a routing system, overly generic triggers increase the chance of accidental activation, causing the wrong skill to run and produce misleading outputs or interfere with task selection.

VirusTotal

62/62 vendors flagged this skill as clean.
