ClawHub

skill-compressor 精简技能*减少token

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill that reads a user-specified skill, writes a reduced copy under `.reduced/`, and does not show hidden execution, deletion, credential use, or exfiltration.

Install only if you want an agent to analyze local skill files. Use an explicit `SKILL.md` path, avoid running it on skill directories that contain private keys or secrets, and review the generated `.reduced/` files and report before replacing originals.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The README advertises a very broad natural-language trigger: phrases like 'optimize/compress/slim down a skill' could match ordinary conversation and cause unintended invocation of this skill. Because the skill rewrites or generates compressed variants of other skills, accidental activation could lead to unnecessary file operations, confusion, or unintended modification workflows even though it claims not to overwrite originals.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The description says the skill triggers when users ask to optimize/compress/slim a skill, which is broad natural language and can overlap with ordinary editing or refactoring requests. In an agent environment, this can cause accidental invocation and unintended file reads/writes under `.reduced/`, especially when a user mentions token cost without explicitly requesting this skill.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger list includes ambiguous conditions like requests to optimize/compress/debloat a skill and complaints about token usage when given a SKILL.md path, but it lacks strict constraints. That increases the chance of over-broad routing, where normal discussion about optimization is interpreted as authorization to analyze all referenced files and emit rewritten artifacts.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The activation condition '分类某段内容拿不准,或想理解为什么按这种方式拆' is open-ended and subjective, which can cause the skill to trigger in situations beyond its intended compression-analysis scope. In an agent environment, overly broad routing increases the chance this background content is loaded unnecessarily, creating misrouting, token waste, and possible interference with more appropriate skills.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The manifest trigger condition is broad enough that ordinary requests about writing reports or adding frontmatter could unintentionally invoke this skill outside its intended compression workflow. Unintended invocation can cause the agent to load irrelevant instructions, increasing prompt-surface area and creating opportunities for workflow confusion or prompt-interference from a skill that was not meant to run.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The template instructs authors to use highly generic trigger stems like '需要...', '想...', and '不确定...', which are common in everyday conversation and therefore likely to match many unrelated user requests. In a retrieval or routing system, this can lead to over-broad file loading, unnecessary prompt expansion, and accidental activation of auxiliary files whose instructions were not needed for the current task.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal