Nm Pensive Makefile Review

Security checks across malware telemetry and agentic risk

Overview

This is a Makefile review skill with disclosed build-analysis behavior, but users should be careful with its optional apply-mode workflow.

Install this only if you want an agent to inspect Makefiles and related build workflows. Review before running any make-based test because Makefiles can execute shell logic while being parsed or tested. Do not run the optional `makefile_dogfooder.py --mode full --apply` flow unless you have verified that helper script and are prepared to review the resulting git diff.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The skill is presented as a Makefile auditing/review capability, but the documented behavior expands into safely testing targets and generating missing targets. That is a meaningful scope expansion from passive analysis into active execution and code modification, which can cause the agent to run repository-defined commands or create files the user did not explicitly authorize.

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The generation phase explicitly creates new Makefile targets and templates even though the skill's stated purpose is review/audit. This mismatch can mislead users into granting the skill access under the assumption of analysis only, while it actually performs repository-altering actions that may introduce unsafe or unwanted build logic.

Vague Triggers

Medium
Confidence: 95%
Finding
The trigger list is broad enough to match ordinary developer requests such as 'build', 'make', and general automation discussions, which can cause the skill to activate outside its intended scope. In an agent environment, unintended activation can override or distract from the user's actual task and increase exposure to the skill's shell-oriented workflow instructions.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documented `--mode full --apply` workflow performs generation and application of Makefile changes without any explicit warning that repository files will be modified. In an agent setting, lack of a clear modification warning increases the risk of silent or unexpected writes to trusted build files, which can alter execution behavior across the project.

VirusTotal

65/65 vendors flagged this skill as clean.