Doro Command Creator

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed helper for creating persistent Claude slash commands. The scan found no evidence of hidden or malicious behavior, but the command examples it ships should be reviewed before reuse.

Install only if you want help creating persistent Claude slash commands. Prefer project-local commands unless global reuse is intentional, inspect the generated markdown before saving or invoking it, and add explicit confirmation steps to any command that edits files, stages or commits changes, publishes PRs, deploys, or runs broad shell automation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Missing User Warnings

Severity: Medium
Confidence: 92%

Finding
The skill explicitly directs the agent to create directories and write command files to project or home-directory locations, but it does not require a clear warning or confirmation immediately before modifying the filesystem. Because slash commands are persistent artifacts that can later influence future agent behavior, silent creation in `.claude/commands/` or `~/.claude/commands/` increases the risk of unintended persistence and user-environment modification.

Missing User Warnings

Severity: Low
Confidence: 80%

Finding
The document gives reusable command-authoring guidance that includes `git add .` and `git commit` examples without requiring confirmation or warning about repository-state changes. In a skill whose purpose is to help create autonomous slash commands, normalizing state-changing git operations can lead downstream commands to stage unintended files, commit secrets, or modify user repositories without explicit consent.

Missing User Warnings

Severity: Medium
Confidence: 92%

Finding
This example explicitly instructs the agent to run `git add .` and `git commit` over all changes, which modifies local repository state and can accidentally include unrelated, sensitive, or partially completed files. Because this is a reusable template for slash-command creation, it normalizes broad local side effects without requiring an explicit confirmation step or a preview of what will be committed.

Missing User Warnings

Severity: Medium
Confidence: 90%

Finding
The example directs non-interactive remote operations via `gt submit --stack --publish --no-edit --restack`, which can create or update pull requests and publish drafts without an explicit warning or confirmation. In a command-creation reference, this is risky because downstream users may copy this pattern into automation that performs irreversible or externally visible actions unexpectedly.

Missing User Warnings

Severity: Low
Confidence: 80%

Finding
The examples normalize commands that create commits and submit PRs but do not explicitly instruct command authors to warn users or obtain confirmation before repository-modifying actions. In a skill whose purpose is to help create reusable commands, omission of consent and safety prompts can propagate unsafe command templates that perform impactful actions with insufficient friction.

Missing User Warnings

Severity: Medium
Confidence: 87%

Finding
The example includes `gt submit --stack --publish --no-edit`, which can create or publish remote PRs as a side effect, but the surrounding guidance does not emphasize that this performs network-visible, externally persistent actions. In a skill for creating autonomous agent commands, omitting a warning or explicit confirmation gate increases the risk that generated commands will publish changes without adequate user review.

Missing User Warnings

Severity: Medium
Confidence: 95%

Finding
This example instructs the agent to run `git add .` and `git commit` automatically, which modifies local repository state and can capture unintended files, secrets, or partially completed work. Because it is presented as a reusable command example without an explicit warning, confirmation step, or scope restriction, users may invoke it expecting convenience while the agent performs hard-to-reverse source control actions on their behalf.

Missing User Warnings

Severity: Medium
Confidence: 96%

Finding
This example directs the agent to run `gt submit --stack --publish --no-edit --restack`, which can create or update remote pull requests non-interactively and publish changes immediately. In this skill's context the pattern is more dangerous because the file is framed as authoritative reference material for creating new commands, so the unsafe pattern may be copied broadly into future automations without additional safeguards.
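The findings above all ask for the same thing: a confirmation gate around `git add .`/`git commit` and around `gt submit --publish`. The shell script below is an added example written for this page, not code from the Doro Command Creator skill or from SkillSpector. It previews what `git add .` would stage, flags path patterns that commonly carry secrets or unrelated work (the patterns are illustrative assumptions, not a complete list), refuses to commit until the user sets `CONFIRM=yes`, and builds the `gt submit` argument list so that `--publish` is added only when `CONFIRM_PUBLISH=yes`. It assumes that `gt submit` without `--publish` opens draft PRs. A generated slash command could tell the agent to call `safe_stage_and_commit` and `submit_args` instead of the bare commands.

```shell
#!/bin/sh
# Added example (not part of the skill or of SkillSpector): a staging and
# publishing gate that a generated slash command can call instead of a bare
# `git add . && git commit` or `gt submit --publish`.
# The risky-path patterns are assumptions chosen for illustration.

# Print each input path that matches a risky pattern, one per line.
# Reads bare paths from stdin, one per line.
flag_risky_paths() {
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        case "$path" in
            .env|.env.*|*/.env|*/.env.*) echo "secret-file: $path" ;;
            *.pem|*.key|*.p12|*.pfx|*id_rsa|*id_ed25519) echo "private-key: $path" ;;
            *credentials*|*secrets*|*.kubeconfig|.netrc|*/.netrc) echo "credential-store: $path" ;;
            *.log|*.tmp|*.swp|*~) echo "scratch-file: $path" ;;
            node_modules/*|*/node_modules/*|vendor/*|*.tar|*.zip|*.bin) echo "bulk-or-binary: $path" ;;
        esac
    done
}

# Succeed only if the user explicitly confirmed via CONFIRM=yes.
# The variable is meant to be set by a human answering a prompt,
# never hard-coded into the command template itself.
require_confirmation() {
    [ "${CONFIRM:-}" = "yes" ]
}

# Convert `git add --dry-run .` output lines ("add 'path'") into bare paths.
dry_run_to_paths() {
    sed -n "s/^add '\(.*\)'$/\1/p"
}

# Gate around `git add . && git commit -m MSG`:
# preview the paths, refuse on flagged ones, then require CONFIRM=yes.
# Usage (inside a git repo): CONFIRM=yes safe_stage_and_commit "message"
safe_stage_and_commit() {
    msg=$1
    preview=$(git add --dry-run . | dry_run_to_paths)
    if [ -z "$preview" ]; then
        echo "nothing to stage"
        return 0
    fi
    echo "Would stage:"
    printf '%s\n' "$preview" | sed 's/^/  /'
    flagged=$(printf '%s\n' "$preview" | flag_risky_paths)
    if [ -n "$flagged" ]; then
        echo "Flagged paths:"
        printf '%s\n' "$flagged" | sed 's/^/  /'
        echo "Refusing: remove or .gitignore the flagged paths, or stage files explicitly."
        return 2
    fi
    if ! require_confirmation; then
        echo "Refusing: re-run with CONFIRM=yes after reviewing the list above."
        return 1
    fi
    git add . && git commit -m "$msg"
}

# Build the gt submit arguments: drafts by default, --publish only on explicit
# confirmation (assumption: gt submit opens draft PRs unless --publish is given).
# Usage: gt $(submit_args)
submit_args() {
    if [ "${CONFIRM_PUBLISH:-}" = "yes" ]; then
        echo "submit --stack --publish --no-edit --restack"
    else
        echo "submit --stack --no-edit --restack"
    fi
}
```

The gate deliberately fails closed: a flagged path returns a distinct exit code (2) so the calling command can stop and show the list, and a missing confirmation returns 1 without touching the index, so the agent cannot satisfy the check by itself.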

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal