Security audit

skill everyday

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises: fetches public Clawhub skill data and saves local Markdown reports, with a disclosed but unnecessary local directory-listing behavior to be aware of.

Install only if you are comfortable running a Node/Playwright script that contacts Clawhub, creates local report/state files, and may include local sibling skill directory paths and filenames in generated reports. Review reports before sharing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The documented workflow explicitly attempts to derive a sibling local skills directory and read another skill's source from disk, which exceeds the stated purpose of analyzing public Clawhub pages. In an agent setting, this creates a path for unauthorized local file access and cross-skill data exposure, especially if a remotely sourced slug is used to select the target directory.

Vague Triggers

Medium
Confidence: 72%
Finding
The trigger phrases are broad enough that routine user messages like '分析一个 Clawhub 技能' ("analyze a Clawhub skill") could invoke the skill without making clear that it performs browsing, local state changes, and report generation. Overbroad invocation increases the chance of unintended execution of side-effecting behavior in contexts where the user did not specifically consent to those actions.

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill description and usage flow do not clearly warn users that execution will write reports locally and mutate persistent state in data/analyzed.json. In agent environments, undisclosed filesystem writes and state changes are risky because they can surprise users, complicate auditing, and make unintended repeated execution harder to detect or reverse.

Missing User Warnings

Medium
Confidence: 93%
Finding
The runner modifies local state and writes report files automatically every time it executes, but there is no explicit user confirmation, dry-run mode, or prominent warning before those writes occur. In an agent/skill context, silent filesystem mutation is risky because users may invoke the skill expecting analysis only, while it persists data and changes future behavior via analyzed.json.

VirusTotal

64/64 vendors flagged this skill as clean.