Security audit

BotLearn Assessment

Security checks across malware telemetry and agentic risk

Overview

This skill runs an autonomous capability self-assessment and saves local reports, with no evidence of credential access, exfiltration, destructive behavior, or hidden install-time code.

Install only if you want an autonomous assessment skill that may activate from common assessment-related phrases and create local files under results/. Review generated reports for sensitive content, delete the results directory if you do not want history retained, and expect some referenced helper files to be missing unless the package is completed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding:
The strategy explicitly saves reports to local files and appends to a persistent index, which exceeds the core need of running a one-time self-assessment. Unprompted persistence can leak sensitive user or system-derived content, create unintended audit trails, and modify the local workspace without clear consent or scoping.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding:
The Node.js command introduces external code execution to generate a chart, which is not essential to answering assessment questions. Invoking scripts increases the attack surface because local scripts or parameters could be tampered with, and the skill provides no validation, sandboxing, or consent boundary for this execution.

Vague Triggers

Severity: High
Confidence: 95%
Finding:
The trigger list includes highly generic terms like 'assessment', 'evaluate', and 'test yourself' that can appear in ordinary conversation, making unintended activation likely. In this skill, accidental invocation is more dangerous because the skill is designed to run a multi-phase autonomous exam flow and may generate outputs or files without explicit user intent.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding:
Additional triggers such as dimension-specific test phrases are still broad and semantically common, so they may match benign requests that are not meant to invoke this skill. Because the skill then proceeds autonomously and discourages clarification, a false activation can lead to unexpected behavior and misleading self-assessment output.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding:
History-oriented triggers like 'history results' and especially the Chinese '历史结果' are ambiguous and can overlap with normal requests to review prior information. In context, that could cause the skill to access or summarize stored assessment artifacts when the user did not intend to invoke this specific history flow.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The skill explicitly instructs creation of persistent result files in a results directory, including JSON, Markdown, HTML, and index artifacts, but does not require user consent or provide a warning about storage. This is risky because accidental or coerced activation could leave behind persistent data, potentially including sensitive prompts, outputs, or history metadata.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding:
The trigger terms are broad and the strategy says to begin immediately without confirmation, making accidental invocation likely. In context, this is more dangerous because the skill can autonomously proceed into tool checks, scoring, and later file-writing behavior from loosely related phrases like 'evaluate' or 'test yourself'.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The strategy instructs the agent to write reports and update an index with no user-facing warning that local files will be modified. Hidden state changes undermine user control and can surprise users with persisted artifacts containing assessment content, timestamps, or environment-derived details.

VirusTotal

64/64 vendors flagged this skill as clean.