Learning

Security checks across malware telemetry and agentic risk

Overview

This appears to be a learning-skill generator, but it can be triggered too broadly and may create persistent files or inspect home-directory paths without clear user consent.

Review this skill before installing if you only want normal tutoring or Q&A. Install it only if you want an agent to create persistent study-project files and possibly generated skills; confirm where it will write, disable or narrow generic triggers, and avoid letting it scan your home directory unless you intentionally approve that discovery step.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The skill instructs scanning the user's home directory to detect globally installed agent platforms, which exceeds what is necessary to generate or install a learning skill in the current workspace. This creates unnecessary access to potentially sensitive filesystem metadata and can reveal tool usage or environment details unrelated to the user's request.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger phrases are broad enough to match many ordinary requests about learning or getting help, which can cause this skill to activate when the user likely wanted a direct answer instead of installing or invoking a long-running project workflow. In an agent ecosystem, overbroad routing is a real security and safety issue because it can redirect user intent, expand file-system side effects, and increase the chance of unwanted persistent state creation.

Vague Triggers

Medium
Confidence: 87%
Finding
The trigger phrases are very broad and match ordinary requests like 'learn X' or 'teach me X', which can cause the skill to intercept general educational conversations that did not intend skill generation or file-writing behavior. In context, this is risky because the skill has write and bash tools and may steer routine chat into a creator/install workflow.

Vague Triggers

Low
Confidence: 76%
Finding
Telling users to activate the installed skill with vague phrases like '开始学习' ("start learning") or '继续学习' ("continue learning") lacks scope constraints and may cause accidental invocation in unrelated conversations. While lower severity than the broad top-level triggers, it still increases the chance of unintended tool-backed behavior once installed.

Vague Triggers

High
Confidence: 93%
Finding
The trigger condition is written to fire on extremely common phrases like '继续' ("continue"), '接下来' ("next"), '开始学习' ("start learning"), and broadly on any expression of wanting to learn a topic. That can cause the skill to activate in many ordinary conversations where the user did not explicitly consent to launching a persistent project workflow, leading to unintended tool use, file reads/writes, and context hijacking away from the user's immediate request.

Missing User Warnings

Medium
Confidence: 90%
Finding
The template instructs the agent to automatically create directories and save files as part of normal operation, but does not require an explicit warning and approval before modifying the filesystem. In the context of an over-broad trigger and enabled write/bash tools, this increases the chance of silent or unexpected persistence on the user's workspace, which can surprise users and expand the blast radius of mistaken activation.

Vague Triggers

High
Confidence: 95%
Finding
The trigger conditions are extremely broad, including generic phrases like '继续' ("continue"), '接下来' ("next"), '开始学习' ("start learning"), and a directive to prioritize this skill whenever learning intent is inferred. This can cause the skill to hijack ordinary conversations and route users into file-reading/writing workflows without clear intent, increasing the chance of unintended activation and downstream data handling.

Missing User Warnings

Medium
Confidence: 91%
Finding
The template instructs the agent to create directories automatically and later auto-save plans, notes, summaries, and feedback throughout the workflow, but it does not require explicit user consent before the first write. In a skill with persistent project files, this can lead to unanticipated storage of user-provided content and accumulation of sensitive study history.

VirusTotal

63/63 vendors flagged this skill as clean.
