AI Development Engineer End-to-End Workflow (AI开发工程师全流程工作流)

Security checks across malware telemetry and agentic risk

Overview

This is a broad AI application development workflow skill with optional helper scripts; its network and credential use is purpose-aligned and not hidden.

Install only if you want a broad AI-development workflow to activate for general AI app engineering tasks. Treat the eval runner as a remote API tool: use mock mode or sanitized test data unless you are comfortable sending prompts and examples to OpenAI.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The trigger list is extremely broad and overlaps with many ordinary AI-development requests, increasing the chance that this skill activates in contexts where a narrower or safer skill should be used. Overbroad activation can cause unintended workflow takeover, excessive instruction injection into conversations, and reduced operator control over what guidance is applied.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding
The phase-one activation condition fires on very generic inputs such as any request to design an AI system technical plan, which is likely to match many unrelated conversations. Ambiguous activation increases the risk of inappropriate skill engagement and context pollution, especially in multi-skill environments where precision matters.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The full-workflow invocation phrase 'help me build an AI app from scratch' is broad enough to capture a large class of common requests and may trigger a heavyweight eight-phase workflow when the user only wants a small subset of help. In an agent ecosystem, this can lead to overreach, prompt bloat, and unintended dominance over more specialized or safer skills.

Missing User Warnings

Severity: Medium
Confidence: 85%
Finding
When not using mock mode, the script sends test queries and any loaded system prompt to the OpenAI API without an explicit warning, confirmation step, or data-classification safeguard. In an AI engineering workflow, evaluation datasets and prompts often contain proprietary instructions, internal examples, or sensitive business data, so this can cause unintended third-party disclosure.

VirusTotal

65/65 vendors reported this skill as clean.
