tulisai

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for managing a specific blog workspace; its file writes and git examples are disclosed and purpose-aligned, but users should confirm overwrites, deletes, and pushes.

Install this only if you want an agent to manage the BangunAI Blog repository at the documented path. Require explicit approval before overwriting about.mdx or now.mdx, deleting posts, committing, or pushing changes, and review generated MDX before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 91%
Finding
The skill declares automatic activation for very generic prompts such as creating blog content, writing MDX articles, or mentioning the blog name, which can cause the agent to invoke this skill outside tightly scoped blog-management tasks. Overly broad activation increases the chance that filesystem-writing workflows, content templating, or other side effects are applied in contexts the user did not explicitly intend, creating prompt-routing and unintended-action risk.

Missing User Warnings

Medium
Confidence: 94%
Finding
These workflows use shell redirection like `cat > "$FILE"` to overwrite blog content files in place, including special pages such as `about.mdx` and `now.mdx`, without any confirmation, backup, or warning. In an agent context, this increases the risk of accidental destructive writes and silent loss of existing content if the workflow is triggered with the wrong file or malformed input.

Missing User Warnings

Medium
Confidence: 96%
Finding
The documented `git rm` deletion workflow removes tracked content and encourages committing the removal, but provides no warning that the action is destructive and may be hard to recover once pushed. In a skill meant for an agent, normalizing deletion commands without safeguards raises the chance of unintended content loss from ambiguous prompts or operator mistakes.

VirusTotal

65/65 vendors flagged this skill as clean.