Security audit

competitive-ops

Security checks across malware telemetry and agentic risk

Overview

The competitive-intelligence workflow is mostly coherent, but the package includes under-disclosed extra agent capabilities and persistent automation that should be reviewed before installation.

Review the bundled ui-ux-pro-max folder, dependency install steps, and monitor mode before installing. Use this only in a workspace where you are comfortable with local report/tracker writes and external search queries, and avoid enabling monitoring until you have a clear way to inspect and remove the scheduled task.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (21)

Description-Behavior Mismatch

High (86% confidence)
Finding
The persistence path writes generated content to disk under a caller-controlled base directory and project/page-derived filenames without any explicit user warning, confirmation, or path-hardening. In an agent setting, silent file writes outside the skill's stated competitive-intelligence purpose can create unauthorized workspace modifications, overwrite trusted documentation, or leave deceptive artifacts that later workflows consume as if they were legitimate project guidance.

Description-Behavior Mismatch

High (97% confidence)
Finding
This script clearly implements UI/UX style-guide search and design-system generation, which is materially unrelated to the declared competitive-intelligence purpose. That mismatch is dangerous because hidden or mislabeled capabilities reduce reviewability and can be used to smuggle in unexpected behaviors that operators would not knowingly authorize.

Description-Behavior Mismatch

Medium (90% confidence)
Finding
The script can persist generated design-system artifacts to disk, which is outside the stated competitive-intelligence scope and introduces state-changing behavior not implied by the manifest. Even though the writes appear user-invoked, unexpected file creation can be abused for workspace pollution, misleading downstream agents, or planting authoritative-looking artifacts for later consumption.

Context-Inappropriate Capability

High (95% confidence)
Finding
Generating and persisting UI/UX design-system artifacts is an unjustified capability for a competitive-intelligence skill, indicating capability drift and increasing the chance of unauthorized or confusing actions. In this context, the mismatch makes the behavior more dangerous because users and reviewers would expect competitor analysis, not creation of durable project guidance files that could influence future work.

Intent-Code Divergence

Medium (93% confidence)
Finding
The file contains conflicting write-path instructions: it says to update `competitors.md` after analysis, but also says tracker additions must be written to `data/tracker-additions/` and never edit `competitors.md` directly. In an agent skill, contradictory persistence rules can cause unintended repository modification, data corruption, or unsafe automation behavior because the agent may choose the more destructive interpretation.

Missing User Warnings

Low (95% confidence)
Finding
The setup flow instructs the agent to install packages, create virtual environments, and create project files, but it does not explicitly warn the user that these actions modify the local environment and repository state. In an agent skill context, omission of a confirmation step can lead to unintended system and filesystem changes, especially when commands are presented as routine setup.

Missing User Warnings

Medium (97% confidence)
Finding
Monitor mode sets up recurring cron-based execution and persists schedule state, but it does not clearly warn that this creates durable background automation. Persistent scheduled tasks can continue invoking networked analysis commands long after the initial request, causing surprise execution, data changes, and ongoing resource consumption.

Missing User Warnings

Medium (93% confidence)
Finding
The skill instructs agents to perform a destructive file operation (`rm -f`) automatically and without any validation, confirmation, or safety checks. In a multi-agent context, this increases the chance of unintended deletion, especially if `company` or path construction is malformed, attacker-controlled, or resolves unexpectedly via symlinks or path traversal.

Missing User Warnings

Medium (91% confidence)
Finding
These write sites create MASTER and page override files on disk with no user-facing disclosure at the point of write. In an agent environment, undisclosed persistence is risky because it can alter the workspace state, create misleading project artifacts, and influence later automated or human decisions without clear attribution or consent.

Vague Triggers

Medium (90% confidence)
Finding
Advertising broad natural-language activation such as "analyze Anthropic" increases the chance that ordinary user conversation unintentionally triggers the skill. In an agent environment that can write files, run tooling, or perform monitoring workflows, accidental invocation can cause unintended research actions, report generation, or external requests.

Vague Triggers

Medium (89% confidence)
Finding
The README states the skill can be triggered via broad natural-language phrases like "分析 Anthropic" (Chinese for "analyze Anthropic"), which can overlap with ordinary conversation and cause accidental invocation. In a skill that performs analysis, tracking, reporting, and monitoring actions, unintended activation can lead to unplanned data collection, file writes, or workflow execution beyond the user's intent.

Missing User Warnings

Medium (90% confidence)
Finding
The monitor mode sets up recurring automated execution via `/loop`, causing periodic network access, competitor research, and local file modifications without prominent disclosure in the top-level description. This can lead to unexpected background activity, repeated external requests, cost/API usage, and persistent state changes that users did not fully anticipate.

Missing User Warnings

Medium (93% confidence)
Finding
The setup flow instructs users to configure a Tavily API key and use an external MCP search service, but the description does not warn that competitor names, research queries, and related business context may be transmitted to a third party. This creates a transparency and data-exposure risk, especially for sensitive market research workflows.

Missing User Warnings

Low (84% confidence)
Finding
The instructions tell the agent to update competitor data and write reports/snapshots, but they do not clearly frame these actions as persistent writes to repository state that may affect future runs. In a skill that processes external web data, this can lead to silent state changes, accidental poisoning of tracked data, or user surprise about lasting modifications.

Missing User Warnings

Low (90% confidence)
Finding
The mode explicitly creates directories and files and updates `data/competitors.md`, but it does not warn the user that running the command will persist changes to the local workspace. This is dangerous because users may invoke what appears to be a research command without realizing it performs writes, leading to unintended state changes, repository pollution, or accidental commit of generated content.

Missing User Warnings

Medium (95% confidence)
Finding
The skill explicitly instructs the agent to write multiple repository files, but it does not warn the user that running analysis will modify persistent project data. In an agent setting, silent writes can surprise users, overwrite prior analysis artifacts, and create unintended state changes that affect later runs or downstream automation.

Missing User Warnings

Medium (93% confidence)
Finding
The mode explicitly instructs the agent to save pricing snapshots, update company profile files, and add changelog entries, but it does not warn the user that running the command will modify persistent project data. In an agent setting, silent writes are risky because a user may expect research-only behavior while the skill alters tracked intelligence records, potentially overwriting existing data or creating misleading history based on incomplete or incorrect scraped pricing.

Missing User Warnings

Medium (92% confidence)
Finding
The mode explicitly instructs the agent to update several repository files, including batch updates across all competitors, but provides no requirement to warn the user, preview changes, or obtain confirmation before writing. In an agentic context, this can lead to unintended or large-scale modification of tracked data, especially if triggered with `/comp update all`, causing integrity loss or noisy commits even without malicious intent.

Unpinned Dependencies

Low (97% confidence)
Category: Supply Chain
Content:
pyyaml>=6.0
python-dotenv>=1.0.0
playwright>=1.40.0
Finding
pyyaml>=6.0

Unpinned Dependencies

Low (97% confidence)
Category: Supply Chain
Content:
pyyaml>=6.0
python-dotenv>=1.0.0
playwright>=1.40.0
Finding
python-dotenv>=1.0.0

Unpinned Dependencies

Low (97% confidence)
Category: Supply Chain
Content:
pyyaml>=6.0
python-dotenv>=1.0.0
playwright>=1.40.0
Finding
playwright>=1.40.0

VirusTotal

64/64 vendors flagged this skill as clean.