MomClaw 元认知造虾师

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only planning skill that clearly discloses its workspace handoff behavior and shows no hidden code execution, exfiltration, or destructive actions.

Safe to install as a planning and blueprinting aid. Before using the creation handoff, confirm the exact target workspace, review generated memory/report/card/skill files, and keep real platform tokens or credentials in a secret manager or environment configuration rather than in Markdown documents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium, 92% confidence
Finding
The skill’s stated scope is opportunity assessment and blueprint generation, but later instructions require operational actions such as writing into another agent’s workspace and guiding deployment. This scope expansion is dangerous because it can cause an agent invoked for planning to perform unintended side effects in downstream workspaces without an explicit, separate consent or handoff boundary.

Description-Behavior Mismatch

Medium, 95% confidence
Finding
The manifest advertises a metacognitive planning/blueprint skill, but the body broadens behavior into file creation and deployment/platform integration guidance. This mismatch can mislead orchestrators and users about the skill’s authority, increasing the chance that it is auto-selected in contexts where side effects are unexpected or unsafe.

Intent-Code Divergence

Medium, 89% confidence
Finding
The document says a separate `blueprint-to-deployment` skill can complete the post-blueprint deployment loop, while earlier sections state those deployment-loop steps are mandatory within this skill. Conflicting control boundaries are dangerous because they blur which skill owns side-effecting actions, making accidental duplicate execution, bypass of governance, or unsafe chaining more likely.

Natural-Language Policy Violations

Medium, 92% confidence
Finding
The file is entirely written in Chinese and provides no indication that users may interact in another language or request localization. This can exclude users, reduce transparency of agent behavior, and cause unsafe misunderstandings if users cannot accurately interpret evaluation criteria or outputs.

VirusTotal

63/63 vendors flagged this skill as clean.