Key Takeaways

Security checks across malware telemetry and agentic risk

Overview

This appears to be a simple local text-summarization skill; its documentation overpromises features, but there is no evidence of hidden access or harmful behavior.

Reasonable to install for local key-takeaway extraction, but treat the advertised batch/export/config examples as unreliable unless independently tested. Use it only with documents or text you choose to provide, review outputs for accuracy, and explicitly approve any output path before allowing an agent to write files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 94%
Finding:
The skill documentation materially overstates capabilities versus the described implementation, which can cause users or orchestrators to trust it for general summarization, structured output generation, or batch/export workflows it may not actually perform. In agent settings, this mismatch is dangerous because downstream automation may make decisions based on assumed behavior, leading to incorrect outputs, silent failures, or misuse of the skill outside its real scope.

Intent-Code Divergence

Medium
Confidence: 83%
Finding:
The file claims the skill should stop when requests are unsupported, yet also documents unsupported batch processing, logging, and export behavior as normal usage. This inconsistency can mislead operators into invoking filesystem-writing or multi-file workflows that may fail unpredictably or create unintended side effects in automated environments.

Vague Triggers

Medium
Confidence: 87%
Finding:
The skill description is broadly scoped to common summarization requests without clearly enforced limits on allowed input types, boundary conditions, or refusal criteria. In agent settings, overly broad invocation language can cause the skill to be selected for ambiguous or out-of-scope tasks, increasing the chance of prompt-injection propagation, unsafe processing of sensitive content, or scope drift already hinted at by the stress-case failure in the audit.

Vague Triggers

Medium
Confidence: 89%
Finding:
The summary "Use when working with key takeaways" is overly broad and underspecified, which can cause the agent to invoke this skill in contexts where summarization is not the user's real intent. Over-broad activation increases the chance of inappropriate routing, accidental processing of sensitive content, or misuse in downstream workflows that expect narrower behavior.

VirusTotal

64/64 vendors flagged this skill as clean.
