Text Spoken Script

Security checks across malware telemetry and agentic risk

Overview

This looks like a script-writing skill that unexpectedly asks the agent to run unrelated image-generation terminal workflows.

Review before installing. Use it only if you expect it to do more than write spoken scripts, including running a terminal-based image-generation workflow. Prefer a version that removes the image-generation/CLI section or splits that behavior into a separate, clearly named skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Severity: High
Confidence: 98%

This is a true security/integrity issue because the skill is presented as a text spoken-script generator, but later injects unrelated terminal-driven image generation behavior and external CLI usage. That mismatch can cause an agent to perform networked command execution and media-generation actions outside the user’s expected scope, increasing the risk of unauthorized tool use and prompt/goal hijacking.

Context-Inappropriate Capability

Severity: High
Confidence: 99%

A spoken-script writing skill has no justified need to tell the agent it can execute terminal commands or render images via an external CLI. In context, these instructions expand the skill from harmless text generation into software execution, network access, and possible file handling, which materially raises the attack surface and could lead to unintended command execution or data exfiltration through third-party services.

Intent-Code Divergence

Severity: Medium
Confidence: 95%

The skill contains conflicting directives: one section says to directly output the final script, while a later section overrides that behavior with a multi-step workflow that withholds output and pushes the agent into an execution sequence. These contradictory instructions are dangerous because they create ambiguity that an agent may resolve in favor of the more operationally risky path, enabling scope drift and user-confusing behavior.

Description-Behavior Mismatch

Severity: High
Confidence: 98%

The skill is declared as a short-video spoken-script writing skill, but its execution guidance pivots into image generation through an external CLI and terminal commands. This creates a dangerous scope mismatch: an agent invoking what appears to be a text-only skill could be induced to install software, send prompts and local file paths to third-party services, and perform actions unrelated to the user’s original request.

Intent-Code Divergence

Severity: High
Confidence: 97%

The file first instructs the agent to directly output script content, then later overrides that behavior with an interactive workflow requiring prompt drafting, user confirmations, and terminal-based image generation. Conflicting instructions in a skill are dangerous because they can cause the agent to choose higher-risk operational behavior instead of the low-risk text response the user would reasonably expect.

Context-Inappropriate Capability

Severity: High
Confidence: 99%

A spoken-script writing skill has no justified need to execute terminal commands or invoke external rendering tools, so these capabilities are excessive and unsafe. If honored by an agent, they could trigger package installation, network transmission of prompts or local media, and other side effects well beyond text generation, violating least-privilege expectations.

VirusTotal

63/63 vendors reported this skill as clean.
