SkillHub Manager

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed, user-directed workflow for managing and publishing SkillHub or ClawHub skills, with credential-handling cautions users should follow.

Install this only if you intend to manage or publish SkillHub/ClawHub skills. Before publishing, confirm the registry and account, inspect the folder for secrets or private files, and prefer scoped or short-lived tokens. Avoid pasting tokens into shared terminals or logs; use a safer interactive or environment-based login method if the CLI supports it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 95%
Finding
The workflow instructs users to pass an API token directly on the command line via `npx clawhub login --token <TOKEN>`. Command-line secrets are commonly exposed through shell history, process listings, terminal logs, CI logs, and telemetry, which can lead to credential disclosure and unauthorized registry access. In this skill context, the risk is elevated because the workflow is specifically designed for publishing to a registry, so a stolen token could let an attacker publish, modify, or inspect private skill content.

VirusTotal

66/66 vendors flagged this skill as clean.
