Brainstorming Pro

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only brainstorming skill, but it asks agents to inspect project files and commit design documents without a clear user-approval checkpoint.

Install only if you want a brainstorming skill that can move into project-aware documentation and handoff planning. Before using it, tell the agent which repository files are in scope and require explicit approval before it writes files, commits to git, posts updates, creates tickets, or records sessions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The process tells the skill to inspect repository state, examine recent commits, write documentation into the repo, and commit changes to git. For a brainstorming skill, these are unnecessary side-effecting actions that expand access from facilitation into codebase reconnaissance and persistence, increasing the chance of unauthorized modification or misuse in repositories where the user only expected ideation support.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
Instructing a brainstorming agent to check files, docs, and recent commits broadens its authority beyond the declared purpose and can expose sensitive project context unnecessarily. Even read-only repo inspection can leak secrets, roadmap details, or unrelated code/data to an agent flow that users may invoke for generic ideation.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
Directing the skill to write a design document to a repo path and commit it to git gives a brainstorming skill unjustified write and persistence capabilities. This creates risk of unwanted repository changes, accidental data disclosure in committed artifacts, and abuse through social engineering where a user expects discussion but the skill performs durable actions.

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The file substantially broadens a brainstorming skill into cross-functional handoff, product management, engineering spec, leadership briefing, and implementation workflow guidance. This scope expansion can cause agents or users to treat an ideation-only skill as authorized to drive downstream execution, increasing the risk of role confusion, overreach, and unintended operational actions.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The document explicitly directs creation of backlog items and workflow-tracking artifacts such as Jira or similar status transitions, which exceeds a brainstorming skill's expected authority. In an agent setting, this can lead to unauthorized project-state changes or premature operationalization of unvetted ideas.

Missing User Warnings

Medium
Confidence: 97%
Finding
The markdown instructs the agent to write a file and commit it without any explicit warning, confirmation step, or user-consent boundary. Silent side effects are dangerous because users may invoke the skill for discussion only, while the agent performs durable changes to source control that can affect collaborators and CI/CD workflows.

Missing User Warnings

Medium
Confidence: 92%
Finding
The document recommends recording remote sessions and providing replays for other participants, but it does not mention obtaining consent, notifying participants, or handling recordings in line with privacy and employment policies. In a workplace brainstorming context, recordings may capture personal data, opinions, or sensitive business information, creating privacy, compliance, and trust risks.

VirusTotal

64/64 vendors flagged this skill as clean.
