
Security audit

Agentpmt Workflow Creator

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed AgentPMT workflow-management skill that can publish or delete remote workflows, but the artifacts show no hidden code or malicious behavior.

Install this only if you intend to let an agent manage AgentPMT workflows through AgentPMT's remote service. Before publish or delete actions, confirm the target workflow, skill_id, visibility, and expected result yourself, and keep credentials or sensitive business data out of prompts unless it is necessary for the workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 93%
Finding
The skill advertises broad activation phrases such as general workflow-building and automation requests, which can cause an agent to invoke this remote third-party skill for tasks that were not specifically intended for AgentPMT. That increases the chance of unnecessary data disclosure to an external service and unintended tool selection in place of safer or more local alternatives.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The schema exposes a destructive `delete` action for workflow skill drafts but provides no warning, confirmation expectation, or indication of irreversible impact. In an agentic setting, this increases the chance that an LLM or automation invokes deletion from ambiguous user intent, causing unintended loss of workflow configurations.

Missing User Warnings

Severity: Low
Confidence: 83%
Finding
The `publish` action changes workflow state and can make content externally visible, yet the schema does not warn that publication may expose drafts, trigger downstream use, or create durable version changes. In a workflow-creation skill, this matters because agent-driven publication can accidentally release internal logic or sensitive operational details.

VirusTotal

61/61 vendors flagged this skill as clean.
