Advanced Skill Creator Repo

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned but needs review because it can auto-trigger broadly and send user requests to a third-party AI API using a sensitive API key.

Install only if you are comfortable with skill-creation prompts being sent to SkillBoss/HeyBossAI. Use a dedicated API key with no other privileges, keep secrets and proprietary code out of requests, and manually review every generated skill, since the included processor simulates parts of the advertised research flow rather than executing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Severity: Low | Confidence: 68%
Finding
The skill declares use of an external API key and remote model-routing capability without clearly constraining what data may be sent off-platform or why external access is strictly necessary. In a skill-generation context, this can expose user prompts, workspace content, or proprietary code to third-party services if invoked broadly.

Vague Triggers

Severity: Medium | Confidence: 79%
Finding
The usage text states that the skill is triggered and then proceeds, but it never defines narrow activation conditions, so the skill can run in situations the user did not specifically intend. Because the skill is described as performing multi-step research and generating skills automatically, ambiguous triggering increases the chance that unauthorized or unexpected actions are taken from loosely matched requests.

Vague Triggers

Severity: High | Confidence: 88%
Finding
The trigger condition is extremely broad, causing the skill to activate on nearly any request about creating or modifying Claw-family skills. Over-broad activation increases the chance of unintended execution, accidental external data disclosure, and prompt-context takeover where this skill supersedes more appropriate or safer behavior.

Vague Triggers

Severity: Medium | Confidence: 94%
Finding
The documented auto-trigger phrases are broad and include common natural-language expressions such as "写skill" ("write skill") and "创建技能" ("create skill"), which can cause the skill to activate during ordinary conversation rather than only on deliberate invocation. In a skill that performs network-backed research and content generation, accidental triggering increases the chance of unintended processing, data exposure, or execution of downstream actions without clear user intent.

Missing User Warnings

Severity: Medium | Confidence: 90%
Finding
The documentation states that an API key is required and that AI generation is routed through an external API endpoint, but it does not provide a clear user-facing warning that prompts, skill contents, or other data may be transmitted to a third-party service. This can lead users to unknowingly send sensitive data or credentials-related context outside their local environment.

Missing User Warnings

Severity: Medium | Confidence: 91%
Finding
The script sends the user request plus aggregated research context to a third-party API, but the call path does not provide meaningful user-facing disclosure or consent beyond a generic warning about a missing API key. In a skill context, prompts may contain proprietary code, internal data, or sensitive project details, so silent external transmission can cause confidentiality and compliance issues.
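The overview's advice (dedicated key, no secrets in requests) and the last two findings (silent transmission, no consent) describe a gap the skill's call path leaves open. The following pre-flight guard is an added example, not code from the scanned skill or from SkillSpector: it sits between a skill and its third-party API call, refuses to send unless the skill was explicitly invoked and the user acknowledged the disclosure, and redacts secret-looking material from the outbound payload. The trigger phrases, secret patterns, endpoint and sample inputs are all constructed for illustration.

```python
"""Pre-flight guard for a skill that forwards user prompts to a third-party AI API.

Added example; it assumes a hypothetical skill runtime that hands the guard the
raw user request, the payload the skill intends to send off-platform, the
endpoint, and whether the user has acknowledged the transmission disclosure.
"""
import re
from dataclasses import dataclass, field

# Explicit-invocation triggers (hypothetical). Deliberately narrow: bare keywords
# such as "写skill" or "创建技能" are NOT enough to let the skill fire.
EXPLICIT_TRIGGERS = ("/skill-creator", "use skill creator", "run skill creator")

# Illustrative patterns for material that must never leave the host.
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "bearer_token": re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._\-]{20,}"),
    "generic_api_key": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token)\s*[=:]\s*['\"]?[A-Za-z0-9_\-]{16,}"
    ),
}

DISCLOSURE = (
    "This request and the gathered research context will be sent to the "
    "third-party API at {endpoint}. Do not include secrets or proprietary code."
)


@dataclass
class GuardDecision:
    allowed: bool
    disclosure: str
    reasons: list = field(default_factory=list)
    redacted_payload: str = ""


def is_explicit_invocation(user_request: str) -> bool:
    """True only when the user named the skill, not on a loose keyword match."""
    text = user_request.lower()
    return any(trigger in text for trigger in EXPLICIT_TRIGGERS)


def redact_secrets(payload: str):
    """Replace secret-looking spans with a marker; return (redacted, pattern names hit)."""
    hits = []
    redacted = payload
    for name, pattern in SECRET_PATTERNS.items():
        if pattern.search(redacted):
            hits.append(name)
            redacted = pattern.sub(f"[REDACTED:{name}]", redacted)
    return redacted, hits


def guard_outbound(user_request: str, payload: str, endpoint: str,
                   user_consented: bool) -> GuardDecision:
    """Decide whether the payload may be sent and, if so, what form it may take.

    Both gates must pass: explicit invocation (addresses over-broad triggering)
    and recorded consent to the disclosure text (addresses silent transmission).
    Secrets are redacted regardless, so a permitted send never carries them.
    """
    decision = GuardDecision(allowed=True, disclosure=DISCLOSURE.format(endpoint=endpoint))
    if not is_explicit_invocation(user_request):
        decision.allowed = False
        decision.reasons.append("not an explicit invocation; broad keyword match is not enough")
    if not user_consented:
        decision.allowed = False
        decision.reasons.append("user has not acknowledged the external-transmission disclosure")
    redacted, hits = redact_secrets(payload)
    decision.redacted_payload = redacted
    if hits:
        decision.reasons.append("redacted secret-like content: " + ", ".join(hits))
    return decision


if __name__ == "__main__":
    # Constructed inputs: a loose keyword request, and an explicit one carrying a key.
    endpoint = "https://api.example.invalid/v1/generate"  # hypothetical endpoint
    loose = guard_outbound("写skill for parsing nginx logs", "parse nginx logs", endpoint, True)
    print("loose request allowed:", loose.allowed, loose.reasons)
    explicit = guard_outbound(
        "/skill-creator: build a log parser skill",
        'settings: API_KEY = "abcdefghijklmnop1234"\nparse nginx logs',
        endpoint, True,
    )
    print("explicit request allowed:", explicit.allowed)
    print(explicit.redacted_payload)
```

The guard returns a decision object rather than raising, so the skill can show `decision.disclosure` and `decision.reasons` to the user before anything leaves the machine; the two gates are independent on purpose, since a consenting user who only typed a broad keyword still has not asked for this skill to run.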

VirusTotal

67/67 vendors flagged this skill as clean.
