ClawHub

Smart File Manager

Security checks across malware telemetry and agentic risk

Overview

This file-organizing skill is mostly coherent, but it can automatically delete workspace output files during its repair flow without confirming they were safely moved.

Review this before installing if your /workspace contains valuable generated outputs. Use it only when you explicitly want file organization, inspect or back up /workspace/my_outputs/output before running fix-nested.sh, and avoid passing sensitive or unintended local paths to move.sh until the scripts add safer validation and non-destructive cleanup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger condition '任何文件存档操作前' is very broad and can cause the skill to activate for nearly any file-related action, including low-risk or unrelated workflows. Over-broad invocation increases the chance that the agent will run file-moving or verification steps unexpectedly, which can lead to unintended file operations, workflow interference, or misuse of shell scripts on paths derived from user-controlled inputs.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script unconditionally performs a recursive deletion of /workspace/my_outputs/output without prompting the user or verifying that the directory is safe to remove. Even though the path is hardcoded and appears intended to clean up an empty nested folder, the lack of confirmation and safety checks can lead to unintended data loss if files remain, if prior moves failed, or if the directory structure is not as expected.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The script performs a filesystem write using user-controlled inputs and then automatically invokes another script without any confirmation, validation summary, or safety gate. In a file-management skill that handles user-supplied files, this increases risk of unintended file operations and compounds impact if `verify.sh` has side effects or trusts the generated filename/path context.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal