User Provision

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent account-provisioning workflow, but it grants broad live admin power and lacks enough guardrails around execution and password handling.

Install only for a controlled admin environment. Pin and review the external office365-tools repository before use, provide least-privilege dedicated credentials, require explicit confirmation before every create/reset/bulk action, and do not allow initial passwords to appear in chat summaries or logs; send credentials only through an approved secure channel.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The top-level description includes broad activation phrases such as '新增用户', '开户', and '建账号', which can overlap with ordinary helpdesk or conversational requests and cause the agent to launch a privileged provisioning workflow without sufficiently specific intent confirmation. In this skill, the danger is amplified because execution can create accounts, assign licenses, reset passwords, and send notification emails using highly privileged credentials.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding
The mandatory trigger table maps ambiguous utterances like '给 XX 开账号' and '新建用户' directly to execution behavior, which risks misclassification of vague requests into account provisioning operations. Because the skill can create identities across Office 365 and Adobe and trigger downstream emails, an incorrect trigger can lead to unauthorized account creation, license consumption, and exposure of onboarding credentials or invitations.

VirusTotal

65/65 vendors flagged this skill as clean.