Agent Teacher

Security checks across malware telemetry and agentic risk

Overview

This agent-training skill is transparent about its purpose, but it teaches broad persistent changes and sensitive integrations without enough scoping or consent safeguards.

Review before installing. Use it only if you intentionally want agents to change their persistent operating files and learn sensitive integrations. Require confirmation for every file rewrite, keep backups allowlisted with secret scanning, avoid live Chrome profiles unless explicitly approved, redact credentials, and do not send private content or voice data to external services without clear consent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Severity: Medium (88% confidence)
Finding
The skill description defines broad trigger conditions such as training new agents, initializing configuration, and teaching existing agents skills, but it does not specify authorization boundaries, operator identity, or scope restrictions. In an agentic environment, overly broad activation criteria can cause the skill to be invoked in unintended contexts, leading to unauthorized configuration changes, skill installation, or propagation of operational policies to the wrong agent.

Missing User Warnings

Severity: Medium (93% confidence)
Finding
The skill explicitly instructs the agent to read and modify multiple repository files (`SOUL.md`, `IDENTITY.md`, `AGENTS.md`) and even replace entire sections, but it does not warn that persistent project files will be changed or require explicit user confirmation before doing so. In an agent-training context, this can cause unauthorized or surprising workspace mutations, overwrite existing content, and propagate policy changes across future sessions.

Natural-Language Policy Violations

Severity: High (84% confidence)
Finding
The file mandates that identity-defining content 'must be written in Chinese' and later requires complete Chinese translation/output without offering user choice or a documented operational necessity. This can override user preference, degrade usability for non-Chinese operators, and create instruction-priority conflicts that make the agent less responsive to legitimate user locale needs.

Missing User Warnings

Severity: Medium (81% confidence)
Finding
The document instructs automatic backup of the entire workspace to Git every day without any warning about secrets, personal data, or sensitive files that may reside there. In an agent environment, this can normalize indiscriminate collection and persistence of credentials or confidential artifacts, increasing the chance of data retention and later disclosure.

Missing User Warnings

Severity: Medium (88% confidence)
Finding
The curl example retrieves Feishu app credentials and uses the resulting bearer token directly, but it provides no safeguards for secret handling, shell history leakage, logging, or token lifetime. In a training skill, this can encourage unsafe credential practices that expose messaging authority and enable unauthorized message sending or account abuse.

Missing User Warnings

Severity: Medium (95% confidence)
Finding
The document teaches use of `profile="chrome"` to control an existing Chrome session but does not warn that this may expose real tabs, authenticated sessions, cookies, and sensitive page content. In a training skill for new agents, omitting that boundary makes it more likely an agent will act in a user's live browsing context and perform unintended actions or data access.

Missing User Warnings

Severity: Medium (93% confidence)
Finding
The file states that API keys are already configured in `~/.mmx/config.json` and later shows environment-variable credential use, but gives no guidance on protecting, redacting, or avoiding disclosure of those secrets. In an agent-teaching context, this increases the chance the agent will reveal credential locations, echo secrets in logs, or mishandle them during troubleshooting.

Missing User Warnings

Severity: Medium (96% confidence)
Finding
The training material promotes remote search, image, speech, video, and vision services without stating that prompts, URLs, images, and other supplied content are transmitted to third-party services. That omission is risky because a newly trained agent may send confidential user data, internal URLs, or sensitive prompts off-platform without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.