Security audit

Spec Brainstorm

Security checks across malware telemetry and agentic risk

Overview

This skill is a spec-writing workflow that is transparent about creating a documentation file, with the main caution that it may also create a git commit.

Install this if you want an assistant to turn brainstorming into a written spec in your repository. Before using it, ask the assistant to show the full spec first and require explicit confirmation before it writes files or creates a git commit.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Description-Behavior Mismatch (Medium, 96% confidence)

Finding: The skill states it only produces a spec and should not transition into implementation, yet it also instructs the agent to write files and commit to git. This inconsistency can cause unexpected repository modifications, violating user expectations and enabling unintended side effects from what appears to be a read/think-only workflow.

Intent-Code Divergence (Medium, 98% confidence)

Finding: The hard gate forbids implementation action, but later instructions require writing a file and committing it. Contradictory instructions are dangerous because an agent may resolve the conflict by performing persistent actions despite the user's understanding that the skill is non-operational and limited to drafting a spec.

Missing User Warnings (Medium, 94% confidence)

Finding: The skill directs the agent to save a file and commit changes without a clear upfront warning that using the skill can modify the repository. Hidden side effects are risky because users may invoke a brainstorming skill expecting only conversation, while the agent performs persistent changes that affect version control history and downstream automation.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.