Skill Forge AI

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed skill-building helper with some overbroad trigger wording and network benchmarking, but no hidden code, credential access, destructive behavior, or deceptive data handling was found.

Install only if you want an assistant workflow that can help create new local skills. Review generated skills before relying on them, and avoid putting confidential project names or proprietary terms into benchmarking/search steps because those keywords may be sent to external services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Severity: Medium
Confidence: 93%

Finding
The documented auto-trigger phrases are broad enough to match ordinary user requests like creating or adding a skill, which can cause this skill to activate unexpectedly and take control of unrelated workflows. In the context of a skill that claims it "MUST be invoked IMMEDIATELY" for skill creation, overbroad triggering increases the chance of prompt hijacking, misrouting, or bypass of more appropriate tools.

Vague Triggers

Severity: Medium
Confidence: 87%

Finding
The skill requires immediate invocation for broad phrases like 'how to create a skill' or any mention of making/adding a skill, which can cause over-triggering and preempt user intent. In an agentic environment, over-broad routing is dangerous because it can steer conversations into file creation, external lookups, and workflow steps the user did not explicitly authorize.

Natural-Language Policy Violations

Severity: Medium
Confidence: 92%

Finding
The interview flow hard-codes user-facing prompts in Chinese without offering language selection or documenting that the skill only supports Chinese. In a mandatory skill-creation workflow, this can cause users to misunderstand questions, provide incorrect requirements, or consent to outputs they did not intend, which undermines reliability and can create downstream security or safety defects in generated skills.

Vague Triggers

Severity: Medium
Confidence: 84%

Finding
The invocation description is broad enough that ordinary mentions of meeting notes or transcripts could trigger the skill outside a clearly scoped user request. This can cause incorrect tool selection, unintended processing of user content, and reduced user control over when extraction behavior is applied.

Natural-Language Policy Violations

Severity: Medium
Confidence: 78%

Finding
The skill mandates Chinese output and formatting without checking the user's language preference or documenting why a fixed locale is required. This can lead to user confusion, accessibility issues, and unsafe misunderstandings if extracted actions or decisions are presented in a language the user did not request.

External Transmission

Severity: Medium
Category: Data Exfiltration
Confidence: 93%

Content
### Step 5a: Search & Rank

Call SkillHub API: `https://api.skillhub.cn/api/v1/search?q=<keywords>`. Rank by: `downloads × 0.4 + installs × 0.3 + stars × 0.3`. Take Top 3. CLI fallback if API unavailable.

### Step 5b: Tencent Manual Compliance Comparison

Finding
https://api.skillhub.cn/

VirusTotal

64/64 vendors flagged this skill as clean.
