RePrompter

Security checks across malware telemetry and agentic risk

Overview

RePrompter is a disclosed prompt-improvement and optional multi-agent orchestration skill, with notable execution and temporary-file risks but no artifact-backed deception, exfiltration, persistence, or destructive behavior.

Install only if you want a prompt tool that can also orchestrate multi-agent Claude/OpenClaw runs. Use the single-prompt mode for ordinary prompt cleanup, reserve Repromptception for explicit team tasks, review generated tmux commands and /tmp file paths before execution, and avoid putting secrets or sensitive private data into prompts that will be written to temporary files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (11)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The README markets the skill as prompt transformation, but also states it detects complexity, selects execution mode, and supports team orchestration. That capability expansion materially changes the trust boundary: a user invoking a 'prompt cleanup' skill may unintentionally trigger planning/execution behaviors with broader side effects than expected.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
Documenting tmux agent-team orchestration in a skill presented as a prompt improver indicates it can coordinate multiple agents and workflows beyond its stated purpose. In agent environments, this increases operational reach and can amplify unintended actions, resource usage, or lateral task expansion from a seemingly low-risk invocation.

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The README says outputs can include agent team output files, which goes beyond merely generating prompts and implies filesystem side effects. For a user expecting text-only transformation, silent artifact generation can create data exposure, overwrite, or persistence risks, especially when multiple agents are involved.

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The manifest markets the skill as prompt transformation, but the body also documents operational behavior for spawning tmux sessions, launching Claude Code agent teams, and writing files under /tmp. This capability expansion can mislead users and policy layers into invoking a skill with execution/orchestration side effects they did not expect.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
This section includes concrete shell and tmux execution instructions that launch sessions, send prompts, inspect panes, list files, and kill sessions. In the context of a 'prompt cleanup' skill, embedding executable orchestration guidance increases the chance that an agent performs local command execution beyond the user's intended scope.

Vague Triggers

Medium
Confidence: 88%
Finding
Broad trigger phrases like 'run with quality', 'smart run', and 'smart agents' overlap with normal user language and can cause accidental activation of team/orchestration mode. In an agent runtime, ambiguous activation increases the chance of invoking more privileged or side-effecting behavior than the user intended.

Missing User Warnings

Medium
Confidence: 95%
Finding
The README repeatedly instructs agents to write generated artifacts to fixed /tmp paths but does not warn users about filesystem writes. Unannounced writes can leak sensitive task data into shared temp locations, collide with other processes, or create predictable files that other local users or tools may inspect.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger phrases and usage scope are very broad, including generic phrases like 'run with quality', 'smart run', 'smart agents', and 'anything going to agent teams'. Overbroad activation can cause the skill to trigger in contexts where the user did not intend prompt rewriting or multi-agent orchestration, increasing the risk of unintended execution paths and file writes.

Vague Triggers

Medium
Confidence: 80%
Finding
The auto-detection logic uses ambiguous heuristics such as '2+ systems,' 'audit,' or 'parallel' to suggest multi-agent mode. In practice, this can escalate a simple request into a more powerful orchestration flow without sufficiently precise user intent, making the skill more dangerous in contexts where command execution guidance is also present.

Missing User Warnings

Low
Confidence: 89%
Finding
The template hard-codes writes to /tmp artifact paths, which can cause filesystem side effects without explicit user awareness or consent. While /tmp is a conventional scratch location and the content is documentation rather than executable code, an agent following this guidance could create files unexpectedly, overwrite prior temp artifacts, or expose sensitive prompt/task data in a shared temporary directory.

Missing User Warnings

Low
Confidence: 93%
Finding
The note explicitly instructs execution-time writing of a brief to /tmp, again introducing undeclared filesystem side effects. In an agent skill, operational instructions like this are more likely to be acted on automatically, so the absence of notice/consent makes the issue more concrete even if the intended use is legitimate orchestration.

VirusTotal

66/66 vendors flagged this skill as clean.