JSON Transformer

Security checks across malware telemetry and agentic risk

Overview

This skill is non-executable, but its JSON-transformer purpose is muddled by unrelated machine-learning tutorial content and overly broad triggers.

Install only if you specifically want a rough auto-crystallized note bundle, not a reliable JSON transformation skill. It does not show malicious system access, but users expecting JSON query, merge, or filter behavior should review or rewrite the skill so its name, triggers, and instructions match one clear capability.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

High, 96% confidence

Finding: The manifest and top-level description claim this is a JSON transformation skill, but the body is dominated by unrelated Transformer/ML learning material. This mismatch can cause incorrect routing or invocation of the skill for JSON-processing requests, leading downstream agents or users to trust capabilities the skill does not actually provide.

Intent-Code Divergence

High, 97% confidence

Finding: The embedded merged subskill explicitly describes a GNN/Transformer trajectory-prediction skill, which contradicts the surrounding JSON-transformer identity. This increases the chance of capability confusion, unsafe auto-selection, or propagation of unrelated instructions into workflows that expect structured JSON handling.

Vague Triggers

Medium, 87% confidence

Finding: The trigger phrases are broad and map to very common JSON-related user requests without clear scope boundaries. Overbroad activation can cause the wrong skill to intercept routine requests, producing irrelevant behavior or interfering with intended tool selection.

Vague Triggers

Medium, 90% confidence

Finding: The secondary triggers include vague phrases like needing related help, which are ambiguous and overly permissive. In context, this is more dangerous because the subskill itself is unrelated to the parent skill, so ambiguous activation can surface the wrong capability in response to broad user intent.

VirusTotal

VirusTotal findings are pending for this skill version.
