ClawHub
Back to skill

Security audit

training-delivery-manager

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent corporate training workflow helper with privacy and file-handling cautions, but no evidence of hidden or malicious behavior.

Install only if you need corporate training delivery workflow support. Before using the travel workflow, share the minimum personal information needed, use approved booking and payment platforms, and send identity or itinerary details only through secure company-approved channels. Verify missing templates before relying on the contract or poster workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The guide explicitly instructs staff to collect and process sensitive personal information such as name, national ID number, and phone number, but provides no privacy, minimization, storage, or transmission safeguards. In an automation-oriented skill, this omission can lead to over-collection, insecure handling, or disclosure of personally identifiable information during booking workflows.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The guidance tells users to prepay hotels and send full itinerary and lodging details to the instructor, but does not mention verification of payment methods, fraud checks, or secure transmission practices. While operationally normal, in a workflow automation context this can enable phishing, booking fraud, account misuse, or exposure of travel details if messages are sent through insecure channels.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal