ClawHub

Clawdbot Filesystem.Bak

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate filesystem helper, but the package is inconsistent and requests broad local file authority without enough verifiable implementation detail.

Review before installing. Verify the publisher/source and obtain a package that includes the actual filesystem executable or source. If used, grant access only to specific non-sensitive directories, prefer read-only or dry-run modes, and separately review or remove the bundled nano-pdf skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The manifest describes the skill in very broad terms such as 'Advanced filesystem operations' and 'analysis', which can cause overly permissive matching for many common file-related prompts. In an agent ecosystem, this increases the chance of unintended invocation of a read-write filesystem skill, expanding the attack surface and enabling actions broader than the user may have intended.

Vague Triggers

Low
Confidence
81% confidence
Finding
Generic tags like 'files' and 'productivity' are overly broad and may cause the skill to be selected for unrelated or weakly related requests. Because this package declares read-write filesystem permission, even a low-quality routing signal can matter by increasing the chance that a powerful local skill is invoked unnecessarily.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill's description and usage guidance are extremely broad, positioning it as applicable to most tasks involving local files. That increases the chance an agent will invoke powerful read/write/delete filesystem capabilities in situations where a narrower, safer tool would suffice, expanding the blast radius of prompt injection, agent mistakes, or user misunderstanding.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill documents create, write, edit, move, and delete operations with workflow examples, but it does not provide a prominent general warning that these actions can modify or destroy user data. In an agent setting, that omission can normalize destructive operations and lead to unintended file changes, especially when paired with broad invocation guidance and examples that automate bulk organization or cleanup.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal