自然语言Skill生成器 (Natural-Language Skill Generator)

Security checks across malware telemetry and agentic risk

Overview

This is a real skill generator, but it can also persist new skills to the local skill library and publish whole skill folders publicly through the user's locally authenticated ClawHub and GitHub accounts, without strong safeguards on either step.

Install only if you intend to let this skill create persistent local skills and potentially publish them. Before using the publish helper, review the generated folder contents, check for secrets or private prompts, verify the active GitHub and ClawHub accounts, and understand that the GitHub repository is created as public by default.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Severity: High
Confidence: 97%
Finding
This script adds public release functionality to ClawHub and GitHub even though the skill is described as generating reusable skills from natural-language requirements. In the context of an AI-agent skill, that mismatch is dangerous because a user invoking a 'generator' capability may unknowingly trigger publication of locally created content, potentially exposing proprietary code, secrets, or unpublished materials.

Vague Triggers

Severity: Medium
Confidence: 83%
Finding
The trigger phrases are broad and map to common conversational requests like creating or generating a skill. Overly broad activation increases the chance of accidental invocation, which is especially risky here because the skill can progress from generation into saving and publication workflows.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The usage instructions rely on natural-language requests without distinguishing preview-only behavior from save or publish actions. In this context, ambiguous activation is dangerous because ordinary conversation can lead users into workflows that modify local skill libraries or initiate external publication.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The skill description omits a clear warning that generated content may be written into the skill library. This is dangerous because persistence changes the local environment and may create durable artifacts from untrusted or mistaken input without informed user consent.

Missing User Warnings

Severity: High
Confidence: 95%
Finding
The description does not clearly warn that the skill can publish content to external services such as ClawHub and GitHub. This is dangerous because external publication may expose sensitive content, misuse authenticated accounts, and create public artifacts the user did not intend to release.

Missing User Warnings

Severity: High
Confidence: 94%
Finding
The auto-publish workflow describes direct publication steps but omits privacy, integrity, and account-scope warnings. In a generator skill, this makes the risk higher because generated content may contain unsafe, proprietary, or hallucinated material that is then automatically pushed to external platforms.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding
The script creates a public GitHub repository and pushes local skill contents without an explicit warning or confirmation that data will become publicly accessible. In this skill context, that is especially risky because generated skills may contain API keys, private prompts, internal workflows, or copyrighted materials that users did not intend to disclose.
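The safeguards the overview recommends (review the folder, check it for secrets and private prompts, treat public release as a separate and explicitly confirmed decision) and the preview/save/publish separation the Vague Triggers finding asks for can be made concrete as a pre-publish gate. The Python below is an added example written for this page; it is not code from the skill, from ClawHub or from SkillSpector. The stage names, the function and exception names and the secret patterns are assumptions, and the skill folder it scans is a constructed sample created in a temporary directory.

```python
"""Pre-publish gate for a generated skill folder.

Added example, not code from the skill or from SkillSpector. It assumes the
skill's workflow has three stages (preview, save, publish) and that publish
takes a visibility setting; scan_skill_folder, publish_gate and PublishRefused
are hypothetical names.
"""
import re
import tempfile
from pathlib import Path

# Secret-like material that should never be pushed to a public repository.
# Illustrative patterns only, not a complete secret-detection ruleset.
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{20,}\b"),
    "sk_style_api_key": re.compile(r"\bsk-[A-Za-z0-9]{20,}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "dotenv_secret": re.compile(r"^\s*[A-Z_]*(SECRET|TOKEN|PASSWORD|API_KEY)[A-Z_]*\s*=\s*\S+"),
}


def scan_skill_folder(folder):
    """Return (relative path, line number, pattern name) for each suspicious line."""
    root = Path(folder)
    hits = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        text = path.read_text(encoding="utf-8", errors="ignore")
        for lineno, line in enumerate(text.splitlines(), 1):
            for name, rx in SECRET_PATTERNS.items():
                if rx.search(line):
                    hits.append((path.relative_to(root).as_posix(), lineno, name))
    return hits


class PublishRefused(Exception):
    """Raised when a publish request fails the pre-publish checks."""


def publish_gate(folder, stage, visibility="private", public_confirmed=False):
    """Decide whether a requested stage may run and whether it writes anything.

    preview: never writes; returns the scan so the user can review the folder.
    save:    writes to the local skill library; hits are returned so the caller
             can warn before persisting.
    publish: refused if any secret-like line is present, and refused for
             public visibility unless the user explicitly confirmed it.
    """
    if stage not in ("preview", "save", "publish"):
        raise ValueError(f"unknown stage: {stage}")
    hits = scan_skill_folder(folder)
    if stage == "preview":
        return {"stage": stage, "writes": False, "hits": hits}
    if stage == "save":
        return {"stage": stage, "writes": True, "hits": hits}
    if hits:
        raise PublishRefused(f"{len(hits)} secret-like line(s) found; clean the folder first")
    if visibility == "public" and not public_confirmed:
        raise PublishRefused("public visibility requires explicit confirmation")
    return {"stage": stage, "writes": True, "visibility": visibility, "hits": []}


def build_constructed_skill_folder(leak=True):
    """Create a throwaway skill folder (constructed sample input, not a real skill)."""
    folder = Path(tempfile.mkdtemp(prefix="skill_"))
    (folder / "SKILL.md").write_text("# Demo skill\nGenerates reusable skills.\n")
    env = "MODEL=demo\n"
    if leak:
        env += "API_KEY=sk-" + "a" * 24 + "\n"  # fake key; matches two patterns
    (folder / "config.env").write_text(env)
    return str(folder)


if __name__ == "__main__":
    leaky = build_constructed_skill_folder()
    print("preview:", publish_gate(leaky, "preview"))
    try:
        publish_gate(leaky, "publish", visibility="public", public_confirmed=True)
    except PublishRefused as exc:
        print("publish refused:", exc)
    clean = build_constructed_skill_folder(leak=False)
    print("publish (private default):", publish_gate(clean, "publish"))
```

The gate defaults to private visibility and makes public release a separate, explicitly confirmed choice; a secret hit blocks publication outright rather than only warning, because once a public repository exists the token is already in its history. The actual publish command (for example `gh repo create`, or whatever ClawHub's publish helper runs) would be invoked only after the gate returns.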

VirusTotal

66/66 vendors reported this skill as clean (no detections). Note that a clean antivirus result says nothing about the publication and persistence risks listed above, which are behavioural rather than malware signatures.
