Security audit

Nm Hookify Rule Catalog

Security checks across malware telemetry and agentic risk

Overview

This skill documents how to create Hookify rule files that persistently warn about or block agent actions. That behavior is disclosed and aligned with the skill's stated safety purpose.

Install this only if you want persistent Hookify rules in a project. Review any .claude/hookify.*.local.md file before creating it, start with warn rules before block rules, and remove or disable rules that interfere with normal work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 95%
Finding
The trigger list includes generic terms like 'rules', 'catalog', 'install', and 'templates', which are likely to appear in many unrelated conversations. This can cause unintended activation of the skill, leading the agent to follow file-writing or installation-oriented guidance in the wrong context.

Missing User Warnings

Medium
Confidence: 88%
Finding
The installation instructions direct the agent or user to write rule files into `.claude/` but do not clearly foreground that this modifies project or user configuration state. In an agent setting, hidden or insufficiently signposted state-changing behavior increases the risk of unintended persistent configuration changes.

Shadow Command Trigger

Medium
Category: Trigger Abuse
Confidence: 92%
Finding
Using 'install' as a trigger is risky because it is a common, high-frequency action word that may collide with built-in commands or unrelated user intents. This increases the chance the skill intercepts general installation requests and steers the agent toward hookify-specific file operations unexpectedly.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.