Security audit

Standardize the de-upgrading and iteration of SKILL

Security checks across malware telemetry and agentic risk

Overview

This skill appears useful for capturing repeat workflows, but it asks users to install automatic hooks that quietly log session and tool-use metadata with unclear retention controls.

Install only if you explicitly want continuous local workflow logging in Claude Code. Before enabling it, review the hook entries, understand that every session may create local metadata, restrict use on shared or sensitive machines, and plan how to remove the hooks and delete accumulated candidate and /tmp files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The README explicitly says candidate data 'accumulates silently' and 'You never see this. It just runs,' which describes background collection of session-derived metadata without a prominent consent or retention warning. Even if the logged content is limited, silent persistence of workflow data can expose sensitive project names, tool usage patterns, or operational habits and creates a privacy/security risk if the local files are later accessed or synced.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The install instructions tell users to register automatic PostToolUse and Stop hooks for every session, but the warning about continuous background execution is not prominent and the README frames the behavior as invisible. Auto-executing hooks on all sessions increase risk because they normalize persistent monitoring and can surprise users who do not realize commands run on every tool use and session end.

Vague Triggers

Severity: Medium
Confidence: 81%
Finding:
The invocation description is broad enough that ordinary workflow discussion could trigger the skill unintentionally. In this context, accidental invocation is risky because the skill is described as performing monitoring, file writes, and workflow changes, so weak trigger boundaries can lead to unexpected side effects.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The markdown states that candidate data is auto-written to local files, but it does not provide a clear warning that session metadata will persist beyond the current interaction. Silent persistence of session identifiers, tool usage, and activity summaries can create privacy and auditability concerns, especially if users do not expect cross-session storage.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding:
The template leaves the activation condition as an unconstrained placeholder ('when {{triggering conditions ...}}') rather than enforcing concrete, bounded criteria. In a skill-selection system, vague triggers can cause over-broad or inappropriate invocation of a skill, which increases the chance of unsafe automation, privilege creep, or accidental chaining into sensitive workflows.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.