Security audit

Forever Healthy AI4L - AI for Practical Longevity

Security checks across malware telemetry and agentic risk

Overview

This instruction-only evidence review skill is mostly coherent, but its VERIFY and automated audit workflows can modify project and agent-instruction files without a clear confirmation boundary.

Install only if you are comfortable with an instruction skill that writes and revises Markdown evidence reviews, may use web tools and sub-agents, and may run a local counting script. Treat VERIFY as the main risk: run it only in the intended project directory and review or require confirmation for any proposed edits to SKILL.md, CLAUDE.md, PERSONA.md, README.md, docs, or examples.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Intent-Code Divergence

Medium (90% confidence)
Finding:
The skill contains conflicting instructions: earlier it says prior audit results must not be used, but later it instructs the auditor to extract issues from prior audits and include them. This can contaminate an independent review, create instruction ambiguity, and let stale or adversarial prior content influence current outputs.

Description-Behavior Mismatch

Medium (93% confidence)
Finding:
The skill is presented as an evidence-review workflow, but the VERIFY command authorizes checking and fixing repository files such as SKILL.md, README.md, and other documentation outside ./results/. That expands the tool's write scope beyond what a user would reasonably expect from its description and creates a pathway for unintended repository-wide modifications.

Intent-Code Divergence

High (98% confidence)
Finding:
The skill contains a general safety rule forbidding edits outside ./results/ without explicit user permission, but the VERIFY workflow contradicts it by instructing automatic fixes to files outside that directory. This conflict weakens guardrails and can cause an agent to override the safer global rule, leading to unauthorized edits of repository control files and documentation.

Missing User Warnings

Medium (92% confidence)
Finding:
The skill directs the agent to create and overwrite files repeatedly without an explicit user confirmation step or safety boundary. In an agentic environment with filesystem tools, this can cause unauthorized modification or destruction of existing audit artifacts, including loss of prior work or tampering with records.

Missing User Warnings

Medium (95% confidence)
Finding:
The skill explicitly instructs the auditor to write and run a script. In a tool-enabled environment, this is dangerous because executing generated code can trigger unintended side effects, unsafe file access, or command execution based on adversarial document content or flawed assumptions.

Missing User Warnings

Medium (87% confidence)
Finding:
The instruction to fix inconsistencies automatically introduces write behavior without a prominent warning in the skill description or command preamble. Users may invoke VERIFY expecting inspection only, while the agent may silently alter project files, increasing the risk of accidental or unauthorized changes.

Missing User Warnings

Medium (85% confidence)
Finding:
The FULL command chains creation, audit, and automatic fixing, which guarantees file creation and modification but does not clearly warn the user that writes will occur. In a repository context, this can lead to unexpected file churn or edits being made under a broad command trigger.

Missing User Warnings

Medium (89% confidence)
Finding:
ITERATE performs repeated audit/fix cycles with multiple writes over up to 10 iterations, yet it lacks an explicit warning about repeated modifications. This amplifies the risk of unintended edits, since a single command can trigger many automated changes and compound mistakes across iterations.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.