Spec Flow

Security checks across malware telemetry and agentic risk

Overview

Spec Flow is a disclosed planning workflow that creates local spec documents and can guide user-approved code changes, with no hidden data theft or destructive behavior found.

Install this only if you want an agent to create `.spec-flow/` files and later help modify project code from those plans. Prefer the default step-by-step mode for important changes, review generated specs and `tasks.md` before implementation, avoid vague batch commands, and run helper scripts only with paths and feature names you trust.

SkillSpector (by NVIDIA)
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Severity: Medium
Confidence: 91%
Finding: The README advertises very broad natural-language triggers such as 'need a plan', 'structured development', and generic Chinese phrases. In agent environments that auto-match skills by fuzzy intent, these phrases can cause the skill to activate when the user did not explicitly request spec generation, leading to unintended file creation and workflow takeover.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding: The README describes modes like '--fast' and 'execute all tasks' that can skip confirmations and perform bulk actions, but it does not clearly warn that these may create files or trigger implementation changes without granular review. In an agent skill context, accelerated execution increases the chance of unintended modifications, especially if activation itself is too broad.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding: The trigger list is very broad and includes common phrases like 'need a plan', 'break this down', and 'design doc', which can cause the skill to activate in situations where the user did not intend to enter this workflow. Because the skill then creates structured files and changes interaction style, accidental invocation can lead to unexpected file creation and workflow hijacking.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The description mentions creating a `.spec-flow/` directory, but it does not clearly warn that the skill will create and update multiple files throughout several phases. Users may invoke the skill expecting planning assistance only, without realizing it will persist artifacts on disk, which raises consent and workspace-integrity concerns.

Natural-Language Policy Violations

Severity: High
Confidence: 95%
Finding: Mandating Chinese output for all generated markdown files without user opt-in can create unsafe mismatches between user expectations, team language, repository norms, and downstream review processes. In practice, this can hide important requirements or implementation details from collaborators and reviewers, increasing the risk of misunderstood changes and unreviewed harmful content entering a codebase.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding: The Batch Mode trigger list includes broad natural-language phrases such as 'execute all' and '一口气执行完', which can be invoked accidentally during ordinary discussion or copied text. In a skill that performs implementation steps and updates project task files, ambiguous triggers increase the risk of unintended bulk execution and larger-than-expected workspace modifications.

Vague Triggers

Severity: Low
Confidence: 78%
Finding: Step Mode and Phase Mode describe activation phrases but do not define strict boundaries, exact-match behavior, or non-triggering examples. That ambiguity can cause the agent to interpret conversational text as an execution command, though the impact is lower than Batch Mode because these modes execute a smaller scoped set and pause for confirmation more often.

Missing User Warnings

Severity: Medium
Confidence: 85%
Finding: The file mandates updating `tasks.md` after execution but does not warn users that project files will be modified as part of the workflow. In a spec-driven development skill that creates and edits repository files, lack of explicit notice and consent can lead to unexpected writes, especially when combined with broad execution triggers.

VirusTotal

66/66 vendors flagged this skill as clean.