ClawHub

Nova Skill Evolution Tracker — 技能进化追踪系统

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-aligned but should be reviewed because it describes recurring skill monitoring, persistent local writes, broad activation, external notifications, and automatic patch updates without clear user controls.

Install only if you intentionally want a skill-management helper that can read tracked skill files and keep persistent reports. Before enabling it, require explicit confirmation for every run, every skill update, and any outbound notification, and treat its current source-checking results cautiously because the included script records URLs as checked without fetching or analyzing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill specifies capabilities equivalent to file read, file write, and shell execution by instructing access to workspace paths and invocation of a Python script, but it does not declare any permissions or constraints. This creates a dangerous mismatch between what the skill appears allowed to do and what it directs the agent to do, increasing the risk of unintended filesystem modification or command execution without clear user consent or sandboxing expectations.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger phrases are broad terms like 'skill更新' and '监测', which can overlap with normal discussion about skills rather than an intentional request to activate this automation-oriented skill. Overbroad triggering can cause the skill to engage unexpectedly and initiate monitoring, file access, or notification workflows outside the user's actual intent.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation condition says the skill activates whenever Nova receives tasks related to 'Skill 更新', '版本管理', or '专家动态', which is ambiguous and overly inclusive. In context, this is risky because the skill describes automated checks, report generation, and notifications, so vague activation criteria can lead to unintended execution of sensitive operations.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill describes periodic collection of external data sources, generation of reports, and enterprise WeChat notifications, but it does not present any user-facing notice, consent requirement, or disclosure of what data will be fetched and who will be messaged. This can result in covert external monitoring and outbound messaging, with privacy, compliance, and operational risks if triggered unexpectedly or against unapproved targets.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal