Nm Imbue Feature Review

Security checks across malware telemetry and agentic risk

Overview

This feature-review skill is coherent, but it needs review because it tells the agent to run a local capture script automatically and can expose project context through GitHub or research workflows.

Install only if you are comfortable reviewing and constraining side effects. Disable or edit the deferred-capture step unless you explicitly want the agent to run `scripts/deferred_capture.py`; review GitHub issue bodies before creation; avoid research mode on private roadmaps or proprietary architecture unless external disclosure is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The skill explicitly instructs automatic execution of a local Python script for deferred capture without user prompting, even though the skill’s primary purpose is feature review and prioritization. Any undocumented or implicit command execution expands the action surface and can lead to unintended local side effects, especially if the script or its arguments are influenced by repository content or user-provided feature text.

Intent-Code Divergence

Medium
Confidence: 91%
Finding
The document says GitHub issue creation requires user confirmation, but then introduces a separate automatic deferred-capture command that runs without prompting. This inconsistency can mislead users about when the skill will take actions on their system, undermining informed consent and making unintended execution more likely.

Vague Triggers

Medium
Confidence: 83%
Finding
The trigger list contains broad terms like 'roadmap' and 'backlog' that may match ordinary conversations and cause the skill to activate unintentionally. In a skill that can eventually create issues or run local commands, accidental invocation increases the chance of unauthorized or confusing actions.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill includes automatic handling for deferred items without clearly warning users in the quick-start or workflow summary that additional actions may occur beyond issue creation. Hidden or under-disclosed side effects are dangerous because users may invoke the skill expecting analysis only, while it can also execute local automation tied to repository data.

Missing User Warnings

Medium
Confidence: 92%
Finding
The documentation configures GitHub issue creation as enabled by default and shows rich issue templates populated from project-derived content, but it does not clearly warn that descriptions, rationales, and other potentially sensitive internal context may be transmitted to GitHub. In a feature-review skill that scans repositories and synthesizes suggestions, this increases the risk of unintended external disclosure, especially if users assume analysis remains local by default.

Missing User Warnings

Medium
Confidence: 95%
Finding
The research enrichment section enables multiple external channels such as code search, discourse, papers, and TRIZ without an explicit privacy notice about sending feature details, code context, or repository-derived metadata to third-party services. Because this skill is designed to inspect project artifacts and generate evidence-backed scoring, users may unknowingly expose sensitive roadmap, architecture, or proprietary implementation details during research workflows.

VirusTotal

65/65 vendors flagged this skill as clean.
