Qa Gate

Security checks across malware telemetry and agentic risk

Overview

This is a useful QA checklist, but it says it is read-only while also telling the agent to edit reviewed artifacts and write a report file.

Install only if you want a QA gate that may push the agent toward fixing artifacts, not just reporting issues. When using it, explicitly tell the agent to produce findings and proposed edits first, and review any diff before allowing changes or saving reports that may mention sensitive content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: High
Confidence: 95%
Finding
The skill explicitly presents itself as read-only, but then instructs the agent to fix artifacts and re-validate them. This mismatch can cause an agent or operator to grant broader write authority than expected, leading to unintended modification of reviewed content and weakening trust in the skill’s safety boundaries.

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding
Although lower severity than editing the artifact itself, instructing the agent to write a report file contradicts the claim that the skill does not modify anything. In environments where read-only skills are expected not to create files, this can create side effects, confuse audit assumptions, and enable unintended workspace changes.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The description contains very broad trigger phrases such as proofread, final check, validate, and fact-check, which can cause the skill to activate in contexts far beyond a narrowly defined QA gate. Over-broad activation increases the chance of the wrong skill being invoked on sensitive or unrelated artifacts, especially in automated routing systems.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The 'When to Use' section encourages use across nearly any deliverable and as a universal final step, but does not define clear limits or preconditions. This broad scope makes accidental invocation more likely and amplifies the impact of the skill’s contradictory write behavior when applied to high-value or sensitive artifacts.

VirusTotal

65/65 vendors flagged this skill as clean.