ClawHub

Akashic Report Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Akashic-powered report generator, with the main caveat that report prompts and context may be processed by an external MCP service.

Install this if you intend to use Akashic's external MCP service for report generation. Avoid including confidential, regulated, or sensitive business information unless you trust that provider's data handling, and explicitly request compliance or regulatory review for high-stakes reports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrases are generic enough to activate on many ordinary user requests, which can cause this skill to intercept prompts that were not specifically intended for the Akashic report workflow. Because the skill routes content to external report-generation and research tools, overbroad triggering increases the chance of unintended tool use and unnecessary disclosure of user data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to send user-provided report requests and context to external multi-agent tools but does not warn users that their content may leave the local system. This creates a privacy and consent risk, especially if users include sensitive business plans, internal data, or regulated information in report requests.

Shadow Command Trigger

Medium
Category
Trigger Abuse
Confidence
88% confidence
Finding
The trigger phrase 'write report' is close to a common built-in authoring command and may cause the skill to override or intercept normal writing workflows. In this skill, that matters because activation can lead to external tool invocation and transmission of user content to a third-party platform without the user explicitly choosing that integration.

Shadow Command Trigger

Medium
Category
Trigger Abuse
Confidence
88% confidence
Finding
The trigger phrase 'create report' conflicts with a generic built-in creation intent and can activate the skill for routine requests that are not meant to use Akashic. This increases the risk of unintended external processing, especially given the workflow's direct use of report-generation and research tools.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal