Abaddon

Security checks across malware telemetry and agentic risk

Overview

This red-team audit skill has a coherent security purpose, but it asks for broad sensitive-data access and can store or send audit findings externally without enough clear user control.

Install only in an environment where you explicitly want an aggressive security audit. Before enabling it, confirm the audit scope, disable or restrict Telegram delivery unless needed, require explicit confirmation before scans, and make sure reports are redacted, access-controlled, and deletable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding:
The prompt expands the audit into active secret discovery across shell/config locations such as Keychain, environment variables, flat config files, and shell startup files. Even in a defensive skill, broad credential discovery increases exposure of highly sensitive material and exceeds the narrower manifest description, creating unnecessary collection risk if results are stored or transmitted.

Description-Behavior Mismatch

Severity: Low
Confidence: 93%
Finding:
The skill instructs saving a full technical report with commands, evidence, and remediation into persistent memory. Persisting sensitive audit artifacts can expose system details, discovered weaknesses, and possibly secret-adjacent data to later agents, users, or compromise of the memory store.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The skill states that summaries are posted to a Telegram Security topic and critical findings trigger immediate DM alerts, but it does not prominently warn that audit results may leave the host. Security audit output can contain sensitive system state, configuration details, and evidence of weaknesses, so silent or poorly disclosed exfiltration to third-party messaging is risky.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding:
The skill documents writing full command output and evidence to a memory report file without clearly warning that sensitive findings will be stored on disk. Audit artifacts may contain secrets, host details, process information, or credential locations, creating a secondary exposure if the file permissions, backups, or sync settings are weak.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding:
The manual trigger phrase "run full assessment" is broad enough to collide with ordinary user requests, making unintended activation of an adversarial scan plausible. In this skill's context, accidental invocation is more dangerous because the scan inspects sensitive sources and posts results to a Security topic, increasing the chance of unnecessary data exposure.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The specification describes inspection of environment variables, log files, temp files, SSH keys, and audit logs, and states that results are delivered to Telegram Security topics, but it does not provide an explicit user warning or consent boundary. This creates a meaningful risk of collecting and exporting secrets or sensitive operational details without informed approval.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
Writing an internal technical report to persistent memory without an explicit warning or consent mechanism creates a privacy and security risk. Audit reports often contain detailed host posture, configuration weaknesses, and potentially sensitive file or process information that should not be silently retained.

Missing User Warnings

Severity: High
Confidence: 97%
Finding:
The prompt directs sending findings, including critical issue alerts, to Telegram without any privacy warning or transmission safeguards. Exfiltrating security findings to an external messaging platform can leak sensitive host and incident information, especially if summaries include evidence, paths, services, or compromise indicators.

VirusTotal

64/64 vendors flagged this skill as clean.