Project Planner

Security checks across malware telemetry and agentic risk

Overview

This project-planning skill is coherent, but it can create GitHub issues and push repository changes without a required approval step.

Install only if you want an agent to draft planning documents and create GitHub issues for you. Before using it, ask the agent to show the target repository, proposed file changes, issue contents, labels, branch name, and exact git/gh commands, then approve explicitly before any issue creation, commit, or push.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The skill advertises planning and triage, but its workflow includes creating files, editing docs, creating remote GitHub issues, and pushing a branch. That expands it from advisory behavior into repository-modifying and externally publishing actions, which can surprise users and cause unintended state changes if invoked on ambiguous input.

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The metadata says the skill is not for implementing code, yet it instructs the agent to commit changes to a new branch and push them. Even if no source code is changed, committing and pushing repository modifications are privileged side effects that exceed a pure planning/triage role and may trigger automation or create unauthorized work items.

Vague Triggers

Medium
Confidence: 72%
Finding
The invocation language includes broad triggers like 'I have an idea' or 'let's plan this feature,' which can cause the skill to activate in many ordinary conversations. Because the skill can create files, issues, branches, and pushes, overly broad activation increases the chance of unintended side-effecting actions from casual or ambiguous user phrasing.

Missing User Warnings

Medium
Confidence: 95%
Finding
The workflow directs repository-modifying and remote GitHub actions without warning the user that files will be created, docs updated, issues published, and branches pushed. Missing disclosure and confirmation are dangerous because users may expect analysis-only assistance and unintentionally authorize durable local and remote changes.

VirusTotal

65/65 vendors flagged this skill as clean.
