Senior Prompt Engineer

Security checks across malware telemetry and agentic risk

Overview

This skill is a local prompt-engineering toolkit whose file access is user-directed and aligned with its stated purpose, with some ordinary handling cautions for sensitive prompts and output files.

Install this if you want local utilities for prompt, RAG, and agent-workflow analysis. Run the scripts only on files you intend to process, choose output paths carefully because existing files may be overwritten, and treat generated reports or examples as potentially sensitive if the source prompts contain private data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documentation advertises commands that read input files and write outputs (for example, reading prompt/context files and writing reports or optimized files), but the skill declares no permissions. This creates a mismatch between advertised capabilities and governance controls, increasing the risk that an agent can access or modify local files without explicit review or sandbox restrictions.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The manifest description uses broad trigger phrases such as optimizing prompts, evaluating outputs, building agentic systems, and designing AI workflows, which can match many common user requests. Over-broad activation can cause this skill to be selected in contexts beyond its intended scope, exposing file-capable tooling or workflow guidance where a narrower, safer skill would be more appropriate.

Missing User Warnings

Low
Confidence
70% confidence
Finding
The code writes to Path(args.output).write_text(output) without warning, confirmation, or existence checks, so a user can unintentionally overwrite an existing file if a wrong path is supplied. In an agent or automation setting, this becomes more dangerous because arguments may be synthesized or passed through indirectly, increasing the chance of destructive file clobbering.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The optimize path writes the transformed prompt text directly to a user-specified file without any warning that the content may still contain secrets, proprietary instructions, or personal data from the original prompt. In a prompt-engineering tool, users are likely to process sensitive prompts, so silently persisting prompt-derived content increases the risk of accidental disclosure through local files, repos, backups, or shared workspaces.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The example-extraction path serializes prompt-derived input/output examples to disk, which can preserve sensitive fragments embedded in the source prompt, including customer data, API payloads, or internal instructions. Because few-shot examples are often copied from real workflows, saving them without any caution materially raises the chance of inadvertent data retention or exposure.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The analysis output is written to disk without warning even though the report can include prompt text fragments, matched terms, contexts, and extracted structural details derived from sensitive prompts. That creates an information-disclosure risk because the generated JSON may be treated as harmless metadata while actually containing portions of confidential source content.

VirusTotal

64/64 vendors flagged this skill as clean.