Claude Skills Agent Designer

Security checks across malware telemetry and agentic risk

Overview

This skill is a local multi-agent design and evaluation toolkit. The scanner's findings concern overly broad sample tool schemas and missing user warnings, not hidden or actively malicious behavior.

Before installing, understand that this is a local code-and-template toolkit. Review and sanitize any real execution logs before running the evaluator, choose output prefixes that will not overwrite important files, and tighten the sample tool schemas before using them in a live agent, especially any document-processing, notification, scheduling, web, or data-analysis tools.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Description-Behavior Mismatch

Severity: High
Confidence: 94%
The file defines tool schemas for generic web search and structured data analysis, which do not align with the declared skill purpose of multi-agent system design. Capability/scope drift is dangerous because it can silently expand what the skill can cause an agent to do, increasing attack surface and enabling unintended data access or behavior beyond user expectations.

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
A web_search tool is exposed even though the skill is described as an agent-designer, not a research or browsing skill. This mismatch can lead to unnecessary external data access, prompt-routing mistakes, and unexpected handling of user queries, especially if downstream systems trust declared skill scope for policy decisions.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
The data_analyzer capability is unrelated to the stated task of designing multi-agent systems and introduces extra processing functionality without clear justification. Unneeded analytical tools broaden the reachable functionality of the skill and may enable inappropriate processing of sensitive structured data under a misleading skill label.

Missing User Warnings

Severity: Low
Confidence: 88%
The README encourages users to analyze execution logs containing task IDs, agent IDs, timestamps, token usage, costs, tool usage, and error details, but it does not warn that such logs may contain sensitive operational or user-derived data. In a multi-agent system context, logs can easily expose prompts, internal architecture, identifiers, usage patterns, or secrets embedded in error fields, so normalizing log ingestion without privacy guidance increases the risk of accidental data disclosure.
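The overview's advice to sanitize execution logs before running the evaluator, and this finding about secrets and identifiers in log fields, can be turned into a concrete pre-processing step. The following is an added example, not code from the skill or its README: a redaction pass over JSON-lines execution logs. The field names (task_id, agent_id, timestamp, tokens, cost, tool, error) are taken from the README's description as quoted above; the JSON-lines layout, the secret patterns and the sample log are assumptions constructed for the example.

```python
"""Sanitize multi-agent execution logs before handing them to an evaluator.

Added example, not part of the skill. Error fields are scrubbed of
secret-shaped strings and e-mail addresses, identifiers are pseudonymised
with a keyed hash so per-agent aggregation still works, and numeric usage
fields are kept as they are.
"""
import hashlib
import hmac
import json
import re

# Secret-shaped values that tend to leak into error fields. Deliberately
# conservative: a few over-redactions are cheaper than one leaked key.
SECRET_PATTERNS = [
    re.compile(r"sk-[A-Za-z0-9_-]{16,}"),                  # sk-... style API keys
    re.compile(r"AKIA[0-9A-Z]{16}"),                        # AWS access key IDs
    re.compile(r"(?i)bearer\s+[A-Za-z0-9._~+/=-]{16,}"),    # Authorization headers
    re.compile(r"(?i)(password|passwd|token|secret)=\S+"),  # key=value secrets
    re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),                # e-mail addresses
]
NUMERIC_FIELDS = {"tokens", "cost"}   # safe for evaluator statistics
ID_FIELDS = {"task_id", "agent_id"}   # pseudonymised, not dropped


def redact(text, placeholder="[REDACTED]"):
    for pat in SECRET_PATTERNS:
        text = pat.sub(placeholder, text)
    return text


def pseudonymize(value, key):
    # Keyed hash: stable within one run, unlinkable without the key.
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:12]


def sanitize_record(rec, key):
    out = {}
    for field, value in rec.items():
        if field in ID_FIELDS:
            out[field] = pseudonymize(str(value), key)
        elif field in NUMERIC_FIELDS or field == "timestamp" or value is None:
            out[field] = value
        elif isinstance(value, str):
            out[field] = redact(value)
        else:
            out[field] = redact(json.dumps(value))
    return out


def sanitize_log(lines, key):
    """Return sanitized records; unparseable lines are redacted whole, not dropped."""
    records = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rec = {"raw": line}
        records.append(sanitize_record(rec, key))
    return records


# Constructed sample log: the second record leaks a key and an address via its error field.
SAMPLE_LOG = """
{"task_id": "t-1", "agent_id": "planner", "timestamp": "2024-01-01T00:00:00Z", "tokens": 812, "cost": 0.004, "tool": "web_search", "error": null}
{"task_id": "t-2", "agent_id": "worker", "timestamp": "2024-01-01T00:00:05Z", "tokens": 120, "cost": 0.001, "tool": "document_processor", "error": "401 Unauthorized: Authorization: Bearer sk-live-abcdefghijklmnopqrstuvwxyz for user alice@example.com"}
"""

if __name__ == "__main__":
    for rec in sanitize_log(SAMPLE_LOG.splitlines(), key=b"per-run-key"):
        print(json.dumps(rec))
```

Use a fresh key per run so pseudonyms from different runs cannot be joined; keep the key out of the sanitized output and out of the evaluator's inputs.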

Vague Triggers

Severity: Medium
Confidence: 88%
The document_processor accepts a very broad "URL or path" input and even advertises support for file:// and absolute paths, which can enable server-side request forgery or local file access if an agent can pass attacker-controlled values. In an agent skill context, this is more dangerous because tool-selection and parameter-filling may occur from natural-language prompts, making ordinary-looking paths or URLs easier to smuggle into execution without strong invocation constraints.
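The fix for this finding is an allow-list on the tool's input rather than a free "URL or path" string. Below is an added example, not the skill's own code: a validator for a document_processor-style source argument that accepts only https URLs whose host resolves to public addresses, or relative paths that stay beneath one sandbox directory. The function names, the https-only policy, the sandbox location, the injectable resolver and the constructed host table are assumptions of this example.

```python
"""Constrain the 'URL or path' input of a document_processor-style tool.

Added example; not code from the skill. file://, other schemes, embedded
credentials, absolute paths and traversal are rejected; hostnames are
resolved up front and every address must be public, otherwise a
harmless-looking name pointed at 127.0.0.1 or 169.254.169.254 gets through.
"""
import ipaddress
import os
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https"}
# Assumed sandbox for relative paths; it does not need to exist for the check.
SANDBOX_ROOT = os.path.realpath("document_sandbox")

# Constructed host table so the example runs offline; the live resolver is
# the default when no resolver is injected.
OFFLINE_RESOLVER = {
    "docs.example.com": ["93.184.216.34"],
    "metadata.internal.example": ["169.254.169.254"],  # public-looking name, link-local target
}.get


def live_resolver(host):
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def is_public_ip(ip):
    addr = ipaddress.ip_address(ip)
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def check_document_source(value, sandbox_root=SANDBOX_ROOT, resolver=live_resolver):
    """Return ('url', value) or ('path', realpath); raise ValueError otherwise."""
    if not value:
        raise ValueError("empty source")
    parts = urlsplit(value)
    if parts.scheme:
        if parts.scheme.lower() not in ALLOWED_SCHEMES:
            raise ValueError(f"scheme not allowed: {parts.scheme}")
        if parts.username or parts.password:
            raise ValueError("credentials in URL not allowed")
        host = parts.hostname
        if not host:
            raise ValueError("URL has no host")
        try:
            addrs = [str(ipaddress.ip_address(host))]   # IP literal: check directly
        except ValueError:
            addrs = resolver(host) or []                 # name: resolve now, check all
        if not addrs or not all(is_public_ip(a) for a in addrs):
            raise ValueError(f"host does not resolve to a public address: {host}")
        return ("url", value)
    # No scheme: treat as a local path, but only beneath the sandbox root.
    root = os.path.realpath(sandbox_root)
    target = os.path.realpath(os.path.join(root, value))
    if os.path.commonpath([root, target]) != root:
        raise ValueError(f"path escapes sandbox: {value}")
    return ("path", target)


def is_allowed(value, sandbox_root=SANDBOX_ROOT, resolver=live_resolver):
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        check_document_source(value, sandbox_root, resolver)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for candidate in ["https://docs.example.com/spec.pdf", "reports/q1.pdf",
                      "file:///etc/passwd", "/etc/passwd", "../../etc/shadow",
                      "https://127.0.0.1/latest/", "https://metadata.internal.example/"]:
        verdict = "allow" if is_allowed(candidate, resolver=OFFLINE_RESOLVER) else "reject"
        print(f"{candidate:45} {verdict}")
```

Resolving at validation time and fetching later leaves a DNS-rebinding window; in a real tool, connect to the validated address rather than re-resolving the name, and keep the same check on every redirect target.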

Vague Triggers

Severity: Medium
Confidence: 82%
The web_search description is broad and lacks clear trigger boundaries, making it easier for orchestrators or models to invoke it in situations the user did not intend. Ambiguous schema descriptions increase the chance of overuse, policy bypass by misclassification, and accidental data exposure through unnecessary external queries.

Vague Triggers

Severity: Medium
Confidence: 81%
The data_analyzer description is similarly overbroad and does not define when the tool should or should not be used. In agentic systems, unclear activation boundaries can cause inappropriate routing of user data into analysis pipelines, creating avoidable privacy and scope-control risks.
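The Description-Behavior Mismatch, Context-Inappropriate Capability and Vague Triggers findings above all come down to checks that can run before a sample schema is placed in a live agent: is the tool's capability class within the skill's declared purpose, does its description state when it should and should not fire, and are its inputs constrained. The following is an added example, not code from the skill or from SkillSpector, that applies those checks to a constructed vague schema set in the shape the findings describe and to a tightened design-time tool. The "x-use-when" / "x-do-not-use-when" annotation keys, the capability-class mapping and both sample skills are assumptions of this example.

```python
"""Lint tool schemas for scope and trigger problems before they reach an agent.

Added example, not from the skill or the scanner. Policy: every tool's
capability class must be declared by the skill, every tool must carry
explicit use / do-not-use boundaries, input objects must reject undeclared
properties, and string inputs must be bounded by an enum, pattern or length.
"""

# Assumed capability class for each sample tool name.
TOOL_CLASS = {
    "web_search": "external-network",
    "document_processor": "file-and-network-io",
    "data_analyzer": "data-processing",
    "design_topology": "design-time",
}
STRING_BOUNDS = ("enum", "pattern", "maxLength")


def lint_tool(tool, allowed_classes):
    findings = []
    name = tool["name"]
    cls = TOOL_CLASS.get(name, "unknown")
    if cls not in allowed_classes:
        findings.append(f"{name}: capability class '{cls}' is outside the declared skill scope")
    if "x-use-when" not in tool or "x-do-not-use-when" not in tool:
        findings.append(f"{name}: no explicit trigger boundaries (x-use-when / x-do-not-use-when)")
    schema = tool.get("input_schema", {})
    if schema.get("additionalProperties", True) is not False:
        findings.append(f"{name}: input_schema accepts undeclared properties")
    for pname, prop in schema.get("properties", {}).items():
        if prop.get("type") == "string" and not any(k in prop for k in STRING_BOUNDS):
            findings.append(f"{name}.{pname}: unconstrained string input")
    return findings


def lint_skill(skill):
    allowed = set(skill["allowed_capability_classes"])
    return [f for tool in skill["tools"] for f in lint_tool(tool, allowed)]


# Constructed sample: the kind of schemas the scanner describes.
VAGUE_SKILL = {
    "purpose": "Design and evaluate multi-agent systems",
    "allowed_capability_classes": ["design-time"],
    "tools": [
        {"name": "web_search", "description": "Search the web.",
         "input_schema": {"type": "object", "properties": {"query": {"type": "string"}}}},
        {"name": "document_processor",
         "description": "Process a document from a URL or path (file:// and absolute paths supported).",
         "input_schema": {"type": "object", "properties": {"source": {"type": "string"}}}},
        {"name": "data_analyzer", "description": "Analyze structured data.",
         "input_schema": {"type": "object", "properties": {"data": {"type": "string"}}}},
    ],
}

# Constructed sample: a design-time tool that passes every check.
TIGHT_SKILL = {
    "purpose": "Design and evaluate multi-agent systems",
    "allowed_capability_classes": ["design-time"],
    "tools": [
        {"name": "design_topology",
         "description": "Propose an agent topology for a stated task.",
         "x-use-when": "the user asks how to split a task across agents",
         "x-do-not-use-when": "the user asks to run, browse, fetch or analyze anything",
         "input_schema": {
             "type": "object", "additionalProperties": False,
             "required": ["task", "pattern"],
             "properties": {
                 "task": {"type": "string", "maxLength": 2000},
                 "pattern": {"type": "string", "enum": ["hierarchical", "pipeline", "debate"]},
             }}},
    ],
}

if __name__ == "__main__":
    for label, skill in (("vague", VAGUE_SKILL), ("tight", TIGHT_SKILL)):
        print(f"{label}: {len(lint_skill(skill))} finding(s)")
        for f in lint_skill(skill):
            print("  -", f)
```

The class mapping is the part a practitioner has to maintain: it is what lets the linter say that a generic web search or a structured-data analyzer is out of place in a skill whose declared purpose is agent design, which is exactly the mismatch the first three findings describe.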

Missing User Warnings

Severity: Low
Confidence: 80%
The CLI writes several predictable output files and can overwrite existing local files without confirmation, backup, or safety checks. In agentic contexts, this can cause unintended modification or destruction of user data if the output prefix points to important paths or existing filenames.
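The overview's advice to choose output prefixes that will not overwrite important files, and this finding about the CLI clobbering predictable filenames, both point at the same missing control. Below is an added example, not the skill's CLI: an output writer that confines the prefix to one output directory and opens files in exclusive-create mode unless the caller explicitly passes overwrite=True. The output suffixes, the prefix convention and the scratch-directory demo are assumptions; the page does not describe the real CLI's filenames.

```python
"""Write evaluator outputs without silently clobbering existing files.

Added example; not the skill's own CLI. A prefix like 'run1' yields
'run1_summary.json' and friends (assumed names). Prefixes that resolve
outside the output directory are rejected, existing files are refused
unless overwrite=True, and the write itself uses mode 'x' (O_EXCL) so the
existence check cannot be raced.
"""
import os
import tempfile

OUTPUT_SUFFIXES = ("_summary.json", "_metrics.csv", "_report.md")  # assumed


def planned_paths(prefix):
    return [prefix + suffix for suffix in OUTPUT_SUFFIXES]


def check_prefix(prefix, allowed_dir):
    """Return the resolved prefix path, or raise if it would leave allowed_dir."""
    root = os.path.realpath(allowed_dir)
    target = os.path.realpath(os.path.join(root, prefix))
    # target == root would put 'root_summary.json' beside the directory, not in it.
    if target == root or os.path.commonpath([root, target]) != root:
        raise ValueError(f"prefix {prefix!r} would write outside {allowed_dir!r}")
    return target


def write_outputs(prefix, allowed_dir, contents, overwrite=False):
    base = check_prefix(prefix, allowed_dir)
    paths = planned_paths(base)
    existing = [p for p in paths if os.path.exists(p)]
    if existing and not overwrite:
        raise FileExistsError(f"refusing to overwrite: {existing}")
    mode = "w" if overwrite else "x"
    written = []
    for path, body in zip(paths, contents):
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, mode) as fh:
            fh.write(body)
        written.append(path)
    return written


def demo():
    """Exercise the writer in a scratch directory and report each outcome."""
    bodies = ["{}", "a,b\n", "# report\n"]
    with tempfile.TemporaryDirectory() as outdir:
        first = write_outputs("run1", outdir, bodies)
        try:
            write_outputs("run1", outdir, bodies)
            second = "overwrote"
        except FileExistsError:
            second = "refused"
        forced = write_outputs("run1", outdir, bodies, overwrite=True)
        try:
            write_outputs("../escape", outdir, bodies)
            escape = "allowed"
        except ValueError:
            escape = "rejected"
        return {"first": len(first), "second": second, "forced": len(forced), "escape": escape}


if __name__ == "__main__":
    print(demo())
```

In an interactive CLI the refusal is where a confirmation prompt or a --force flag belongs; the default stays non-destructive.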

VirusTotal

0 of 65 vendors flagged this skill; all 65 reported it clean.
