Rm Safety

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only deletion-safety skill that is coherent with its purpose, though users should still verify paths before approving any delete action.

Install this only if you want your agent to add a confirmation layer around file deletion. Before approving, check the absolute target path, file counts, and whether the target is in an important user folder. Prefer the trash option for recoverability, and remember that choosing backup can place a temporary local copy under /tmp.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Intent-Code Divergence

Severity: Medium
Confidence: 93%
Finding:
The skill documents safe read-only inspection with quoted paths, but its execution path later says to run the original `rm` command after confirmation rather than reconstructing a sanitized command from validated arguments. If an attacker can influence the original command string, confirmation becomes a thin wrapper around potentially unsafe shell input, enabling metacharacter, globbing, or option-injection issues despite the earlier safety guidance.

Vague Triggers

Severity: Medium
Confidence: 81%
Finding:
The README states that the skill 'automatically activates' whenever a user attempts deletion, but does not clearly bound when interception occurs or how false triggers are avoided. In an agent/tooling context, broad automatic interception can unexpectedly alter command handling or create opportunities for overreach if the trigger matches more than intended.

Autonomous Decision Making

Severity: Medium
Category: Excessive Agency
Content:
## Exceptions

**Can execute without asking:**
- User explicitly says "execute without asking" **AND** path is verified safe
- Deleting temp files under `/tmp/` (created by the agent itself, verified by `ls -la`)
- User provided explicit written permission (same session) **AND** path matches permission
Confidence: 88%
Finding:
without asking

Autonomous Decision Making

Severity: Medium
Category: Excessive Agency
Content:
## Exceptions

**Can execute without asking:**
- User explicitly says "execute without asking" **AND** path is verified safe
- Deleting temp files under `/tmp/` (created by the agent itself, verified by `ls -la`)
- User provided explicit written permission (same session) **AND** path matches permission
Confidence: 91%
Finding:
without asking

Tool Parameter Abuse

Severity: High
Category: Tool Misuse
Content:
| Response | Action |
|------------|--------|
| `y` / `yes` / `确认` | Execute original command |
| `n` / `no` / `取消` | Cancel operation (do not execute) |
| `backup` | Back up to `/tmp/rm-backup-<timestamp>/` then execute |
| `trash` | Use the `trash` command instead |

---
Confidence: 89%
Finding:
rm-backup-<timestamp>/` then execute | first back up to `/tmp/rm-backup-<timestamp>/

VirusTotal

66/66 vendors flagged this skill as clean.
