Build

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed project-skill generator that writes local project-management files only after user preview and delivery confirmation, with some local path-detection and persistence risks to understand.

Install this only in a project workspace where you are comfortable with a new skill and project-memory folder being created. Review the generated SKILL.md preview and destination path before choosing direct install; choose ZIP if you want to inspect or place files manually. Avoid putting secrets in plan.md, decisions.md, or other project-memory files, since generated skills will reload them later.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Severity: Medium | Confidence: 96%
Finding
The skill directs the agent to scan the user's home directory to infer globally installed skill platforms, which exceeds what is necessary for generating or installing a project skill in the current workspace. This broadens filesystem access into unrelated personal areas and can expose private directory structure or metadata without a clear need or prior consent.

Missing User Warnings

Severity: Medium | Confidence: 88%
Finding
The README states that the generated skill will be installed into the current workspace and will continue writing project-tracking files as work progresses, but it does not give a clear up-front warning that local files and directories will be created or modified. This can lead users to authorize the skill without understanding its write behavior, increasing the risk of unintended filesystem changes, overwrites, or clutter in sensitive working directories.

Vague Triggers

Severity: High | Confidence: 88%
Finding
The trigger phrases are extremely broad and overlap with ordinary requests to build or create something, making the skill likely to activate in contexts where the user did not intend project-skill generation. Overbroad activation can cause unnecessary file operations, workspace changes, or collection of project details under the wrong conversational context.

Missing User Warnings

Severity: Medium | Confidence: 94%
Finding
The skill instructs scanning both the current workspace and the user's home directory for existing skill paths without telling the user that filesystem inspection will occur. Even limited directory existence checks touch potentially sensitive locations, so the absence of transparency and consent increases privacy risk and violates least-surprise expectations.

Vague Triggers

Severity: High | Confidence: 92%
Finding
The trigger conditions are extremely broad and include generic phrases like 'continue', 'next', 'start development', and wide project-related intents, making the skill likely to activate in many unrelated conversations. In an agent system, overbroad triggering can hijack routing, suppress more appropriate skills, and cause unintended file operations or workflow control based on ambiguous user input.

Vague Triggers

Severity: High | Confidence: 92%
Finding
The trigger text is extremely broad and includes common phrases like '继续' ("continue") and '开始开发' ("start development"), which can cause the skill to activate in many unrelated conversations. Because this skill has write and bash capabilities and instructs persistent project file creation and updates, over-triggering can lead to unintended filesystem changes, workflow hijacking, or the agent prioritizing this skill when the user did not actually consent to structured project management.

Missing User Warnings

Severity: Medium | Confidence: 89%
Finding
The skill repeatedly directs the agent to create directories, generate files, and overwrite existing documentation, but it does not clearly and prominently warn the user that these are persistent filesystem modifications. In practice, a user may perceive the interaction as advisory while the agent is actually mutating project state, which increases the risk of accidental data creation, confusion, and unintended overwrites within the declared project directory.

VirusTotal

63/63 vendors flagged this skill as clean.