Nm Abstract Hook Authoring

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only hook-authoring skill, but it repeatedly teaches broad logging, external hook calls, and prompt/context injection without enough privacy boundaries.

Review before installing or using this skill to generate hooks. Prefer its validation and sanitization patterns, but do not copy examples that send full hook payloads to external services, log raw CLAUDE_TOOL_INPUT, persist prompts, or emit rm -rf cleanup commands unless you add explicit consent, allowlists, redaction, retention limits, and trusted endpoints.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (9)

Missing User Warnings

Medium
Confidence: 95%
Finding
The HTTP hook example sends full hook input to an external URL without prominently warning that tool inputs may contain sensitive prompts, file paths, command arguments, or other private context. In a hook-authoring skill, this is more dangerous because readers may copy the pattern directly into real environments, causing unintended data exfiltration to third-party services.

Missing User Warnings

Medium
Confidence: 92%
Finding
The documentation explicitly encourages HTTP hooks that POST the standard hook input JSON to arbitrary URLs, but it does not warn that this payload can contain sensitive session metadata, prompts, tool inputs, paths, agent identifiers, and other workspace context. In a security-first hook authoring skill, omitting disclosure and guidance around outbound data exfiltration materially increases the risk that users will configure hooks that leak sensitive information to third-party services.

Missing User Warnings

Low
Confidence: 84%
Finding
The durable cron task section states that prompts can persist to `.claude/scheduled_tasks.json` across restarts, but it does not warn that scheduled prompts may contain secrets, proprietary instructions, or user data that will be written to disk. This creates a confidentiality and forensic exposure risk, especially on shared systems or repos where local artifacts may be backed up, synced, or accidentally committed.

Missing User Warnings

Medium
Confidence: 89%
Finding
The document explicitly instructs authors to emit copy-pasteable destructive shell commands and provides an `rm -rf` example without any inline warning, confirmation step, or safer alternative. Even though the example uses quoted paths and is framed as observability guidance, the skill context is hook authoring for automation and enforcement, which increases the chance that future hooks will surface dangerous commands that users or downstream agents execute reflexively.

Missing User Warnings

Low
Confidence: 84%
Finding
The examples encourage writing tool names, timestamps, output sizes, and audit information to local files without warning that hook logs may contain sensitive user, system, or workflow metadata. In a hook-authoring security skill, normalizing persistence without privacy guidance can lead developers to retain sensitive operational data insecurely or longer than intended.

Missing User Warnings

Low
Confidence: 88%
Finding
The guidance recommends remote config fetches and local logging but omits any warning that network requests and persisted telemetry may expose system, usage, or user-derived information. In a security-first hook-authoring context, this omission is meaningful because readers may adopt the pattern without adding privacy review or transmission constraints.

Missing User Warnings

Medium
Confidence: 88%
Finding
The example logs both tool name and $CLAUDE_TOOL_INPUT directly to a persistent audit file without warning about privacy or secret-handling risks. Tool input can contain credentials, tokens, proprietary code, file paths, or sensitive prompts, so this pattern normalizes unsafe collection and local persistence of sensitive data.

Missing User Warnings

Medium
Confidence: 84%
Finding
The examples write audit logs and metrics to local files under the user's home directory, but the documentation does not warn that tool inputs, outputs, or session metadata may be retained on disk. In a hook-authoring skill, this is more dangerous because readers are likely to copy these patterns directly into production hooks, creating silent persistence of potentially sensitive operational data.

Missing User Warnings

Medium
Confidence: 91%
Finding
The context injection example reads README, conventions, and architecture files and prepends their contents to user prompts without any privacy boundary, consent model, or sensitivity filtering. In this skill context, that is especially risky because it teaches a reusable pattern that can cause confidential project data to be automatically surfaced to the model or downstream systems.

VirusTotal

VirusTotal findings are pending for this skill version.
