extropy

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed operator for running Extropy simulations, with expected file writes and provider-key use for that purpose.

Install this only if you trust the extropy CLI already on your machine. Use scoped or test API keys where possible, expose only the provider credentials needed for a run, and keep simulation outputs in a dedicated workspace. Treat study databases, JSONL exports, and reports as sensitive, especially for political, healthcare, crisis, pricing, or targeted-messaging scenarios.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger phrases are broad enough to match ordinary analytical discussion, such as asking generally about responses, comparisons, or uncertainty, rather than an explicit request to invoke this specific skill. In an agent-routing system, that can cause unintended activation, leading the system to run a simulation-oriented workflow when the user only wanted high-level reasoning or a different tool, increasing the chance of misrouting and unnecessary execution.

Missing User Warnings

Medium
Confidence: 78%
Finding
The runbook includes commands that create and modify local state, including generating studies, changing directories, writing outputs, and exporting JSONL results, without an explicit warning that filesystem artifacts will be created. In an agent setting, this can lead to unexpected writes, clutter, overwriting of existing paths, or execution in an unintended workspace if the user has not clearly consented to local modifications.

VirusTotal

59/59 vendors flagged this skill as clean.
