Brainstorm Beagle

Security checks across malware telemetry and agentic risk

Overview

The skill appears useful for brainstorming, but its instructions expand into file changes and git commits even though it describes itself as non-implementation work.

Install only if you are comfortable reviewing and controlling any repository access, file creation, and git actions it proposes. Before use, require explicit confirmation before writes or commits, and avoid invoking it in sensitive repositories unless its side-effecting steps are removed or clearly gated.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium (93% confidence)

Finding
The skill’s declared purpose is dialogue-only brainstorming, but its workflow expands into repository inspection, optional invocation of other skills, file writes, and git commits. This mismatch can cause users or orchestrators to grant it broader autonomy than expected, increasing the chance of unintended file-system or repo side effects during what should be a low-risk ideation task.

Context-Inappropriate Capability

Medium (90% confidence)

Finding
Automatically committing to git is a side effect unrelated to the core brainstorming function and can persist content the user has not fully reviewed. In multi-agent or automated environments, this may create unauthorized history changes, leak sensitive concept details into version control, or trigger downstream CI/CD workflows.

Intent-Code Divergence

Medium (95% confidence)

Finding
The skill says it does not take implementation action, yet later instructs itself to write files and commit changes. This contradiction is dangerous because safety boundaries depend on accurate capability descriptions; if the skill is treated as non-mutating, operators may invoke it in contexts where write access and source-control modification are inappropriate.

Vague Triggers

Medium (81% confidence)

Finding
The trigger phrases are broad enough to match ordinary ideation or planning requests, which increases the risk of accidental invocation. In this skill’s context, accidental invocation matters because the skill is not purely conversational: it may read repo context, generate files, and eventually write to disk or commit changes.

VirusTotal

65/65 vendors flagged this skill as clean.