Prototype Design Skill

Security checks across malware telemetry and agentic risk

Overview

This prototype-design skill is mostly coherent, but it includes under-scoped persistence, repository commits, local tool execution, and unrelated capability tags that users should review before installing.

Install only if you are comfortable with a prototype skill that may tell your agent to run local tooling, write memory notes, and commit repository changes. Before use, explicitly instruct the agent not to commit, not to write memory files, and not to start servers or browser automation unless you approve those steps, and verify why the listing carries crypto and purchase-related capability tags.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium (89% confidence)

The skill instructs the agent to run `git add`/`git commit`, which is outside the core scope of prototype design and causes persistent repository mutations. In an agent setting, this can be abused to force unreviewed commits, pollute version history, or create an audit trail that legitimizes unsafe changes.

Context-Inappropriate Capability

Medium (96% confidence)

Directing the agent to write project state into `memory/YYYY-MM-DD.md` creates persistent state outside the prototype artifact boundary. This is risky because it can leak sensitive conversation context, enable hidden cross-session instruction persistence, and influence future runs in ways the user did not request.

Context-Inappropriate Capability

Medium (91% confidence)

The skill requires browser automation, local server startup, evaluation of page functions, and screenshot capture, which materially expands the agent's operational surface beyond generating prototypes. These actions can execute untrusted local content, interact with unintended services, and expose local application state or sensitive UI data through screenshots.

Missing User Warnings

Low (93% confidence)

The file loads Google Analytics (`googletagmanager.com/gtag/js`) and initializes tracking directly in the document without any visible notice, consent flow, or disclosure in the file itself. In a reusable agent skill/design reference, this creates an unnecessary third-party network call and privacy risk for users who may open or render the content without expecting telemetry.

VirusTotal

62/62 vendors flagged this skill as clean.