Auto Llm 4712

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it can unexpectedly store user input in a local knowledge base when run.

Install only if you are comfortable with this skill writing to a local KnowledgeBase when run. Avoid invoking it with sensitive or proprietary text, and consider narrowing the trigger from "llm" to the full report title before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
The skill performs a persistent write to an external knowledge base every time it runs, even though its apparent purpose is just a weekly report artifact. Because `param` is stored directly, user-supplied input can be retained without clear consent, creating data retention and privacy risk and potentially polluting shared knowledge storage.

Intent-Code Divergence

Low
Confidence: 79%
Finding
The file presents itself as a weekly report, but its real behavior is to insert data into a knowledge base. This mismatch is dangerous because reviewers or users may authorize execution expecting passive content handling while the skill performs state-changing operations behind the scenes.

Vague Triggers

Medium
Confidence: 95%
Finding
The trigger phrase "llm" is extremely broad and likely to appear in normal conversation about AI, causing the skill to activate unintentionally. This can lead to incorrect routing, surprise execution, and skill hijacking of unrelated user requests, especially in an environment with multiple overlapping skills.

Missing User Warnings

Medium
Confidence: 91%
Finding
The code stores caller-provided `param` into a knowledge base without any warning, confirmation, or disclosure that input will be persisted. This can cause accidental storage of sensitive or proprietary data and creates a straightforward path for knowledge-base poisoning or unwanted retention of untrusted content.

VirusTotal

58/58 vendors flagged this skill as clean.