Skill Builder

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only skill that guides users through designing new skills, with optional install and publishing steps that need careful user review.

Installing it is reasonable if you want a guided skill-design helper. Before letting it install a generated skill, review the SKILL.md and file list. For publishing, use a scoped, revocable ClawHub token and do not share broad, long-lived credentials in chat.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The skill goes beyond dialogue-based skill design by offering to install the generated skill directly into the user's workspace. That expands scope from advisory content generation into making environment changes, which can enable unintended persistence or deployment of unsafe generated artifacts without a distinct authorization boundary. In a meta-skill that creates other skills, this is especially risky because any design flaws or prompt-injected content could be propagated into an installed asset.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The skill asks the user for a ClawHub token even though its stated purpose is to help design/build skills through conversation. Soliciting credentials introduces secret-handling behavior that is outside the declared scope and creates risk of credential exposure, misuse, or normalization of sharing sensitive tokens in-chat. Because this is a meta-skill capable of generating and packaging other skills, combining it with token collection could facilitate unreviewed publication of unsafe content.

Vague Triggers

Medium
Confidence: 85%
Finding
The activation condition is overly broad, triggering on generic requests like creating or designing a skill. Broad matching can cause the meta-skill to activate in contexts where the user did not intend to invoke a powerful skill-construction workflow, increasing the chance of prompt hijacking, unintended capability exposure, or interference with other more appropriate skills. In a skill that can generate complete skill packages, over-triggering raises the risk surface beyond a normal informational assistant.

VirusTotal

64/64 vendors flagged this skill as clean.
