App Builder

Security checks across malware telemetry and agentic risk

Overview

This app-building skill is mostly coherent, but it encourages production deployment without a clear final safety and consent step.

Install only if you want an agent to help plan and build full-stack applications. Before allowing deployment, require explicit approval for the target environment, public exposure, costs, secrets, authentication, payment settings, and data sources; review generated code before connecting real accounts or publishing anything live.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 95%
Finding
The skill description is broad enough to trigger on many ordinary software-related requests, which can cause unintended invocation and overreach into tasks the user did not explicitly mean to delegate to this skill. In an agentic setting, overly broad routing increases the chance of unsafe actions being proposed or taken under the wrong context, especially because this skill includes build and deploy guidance.

Vague Triggers

Medium
Confidence: 96%
Finding
The keyword matrix uses very generic tokens such as 'api', 'service', 'dashboard', and 'management' to classify requests, which is error-prone and can misroute benign or ambiguous user input into an implementation workflow. Because the skill then recommends stacks and proceeds toward planning/building, weak classification can amplify mistakes into security-relevant actions or code generation in the wrong context.
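Both trigger findings describe one mechanism: routing on a single generic token. The block below is an added example, not code from the skill or from SkillSpector. It models that matcher on constructed requests, lists the trigger tokens that also occur in requests the skill should never handle, and contrasts it with a stricter matcher that requires a build-intent verb plus a multi-word domain phrase. Only the four tokens 'api', 'service', 'dashboard' and 'management' come from the finding; the remaining keywords, phrases, verbs and sample requests are assumptions.

```python
"""Added example (not the skill's or SkillSpector's code): why single-token
trigger keywords misroute, and what a stricter matcher looks like."""
import re
from dataclasses import dataclass

WORD = re.compile(r"[a-z][a-z0-9-]*")


@dataclass
class Skill:
    name: str
    keywords: set       # broad matcher: any one token hit routes here
    phrases: set        # strict matcher: a multi-word domain phrase must appear
    intent_verbs: set   # strict matcher: one of these verbs must also appear


def tokens(text: str) -> set:
    return set(WORD.findall(text.lower()))


def route_by_keyword(request: str, skills) -> list:
    """Broad routing as the finding describes: one generic token is enough."""
    toks = tokens(request)
    return [s.name for s in skills if s.keywords & toks]


def route_by_intent(request: str, skills) -> list:
    """Stricter routing: require a build-intent verb AND a domain phrase."""
    text = " ".join(WORD.findall(request.lower()))
    toks = set(text.split())
    return [
        s.name for s in skills
        if (s.intent_verbs & toks) and any(p in text for p in s.phrases)
    ]


def generic_keywords(skill: Skill, unrelated_requests) -> list:
    """Audit check: trigger tokens that also occur in requests the skill must
    never handle. Each one is a misrouting path worth removing or qualifying."""
    seen = set()
    for request in unrelated_requests:
        seen |= tokens(request)
    return sorted(skill.keywords & seen)


def misroute_rate(router, skills, unrelated_requests) -> float:
    """Fraction of unrelated requests a router sends to some skill."""
    hits = sum(1 for r in unrelated_requests if router(r, skills))
    return hits / len(unrelated_requests)


# Keyword matrix modelled on the generic tokens quoted in the finding; the
# extra tokens, phrases and verbs are assumptions.
APP_BUILDER = Skill(
    name="App Builder",
    keywords={"api", "service", "dashboard", "management", "app", "backend"},
    phrases={"web app", "full-stack", "rest api", "dashboard app",
             "admin dashboard"},
    intent_verbs={"build", "create", "scaffold", "implement", "develop"},
)
SKILLS = [APP_BUILDER]

# Constructed sample requests (not taken from the page).
BUILD_REQUEST = "Build me a full-stack dashboard app for tracking team expenses"
UNRELATED = [
    "What does the management fee on my brokerage account cover?",
    "Is the postal service open on Columbus Day?",
    "Where do I find the api key in my weather account settings?",
    "Summarize this quarterly report for me",
]

if __name__ == "__main__":
    print("generic trigger tokens:", generic_keywords(APP_BUILDER, UNRELATED))
    for request in [BUILD_REQUEST] + UNRELATED:
        print(f"{request!r}\n  keyword: {route_by_keyword(request, SKILLS)}"
              f"\n  intent:  {route_by_intent(request, SKILLS)}")
    print("misroute rate, keyword:", misroute_rate(route_by_keyword, SKILLS, UNRELATED))
    print("misroute rate, intent: ", misroute_rate(route_by_intent, SKILLS, UNRELATED))
```

With these inputs the keyword matcher sends three of the four unrelated requests to App Builder, while the intent matcher sends none and still routes the genuine build request. The audit function is the check to run against a skill's trigger list before installing it: any token it returns is a word ordinary users say without meaning to delegate anything.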

Missing User Warnings

Medium
Confidence: 92%
Finding
The workflow explicitly includes deployment and 'provide URL' behavior without a clear warning or consent gate for production-impacting actions. In a skill designed to build apps, deployment can expose unfinished code, sensitive configuration, test data, or insecure defaults to the public internet, making this more dangerous than similar language in a non-executing planning document.

Missing User Warnings

Medium
Confidence: 94%
Finding
The guidance to 'Deploy early' encourages pushing a working version quickly but does not warn about risks to privacy, data integrity, or production systems. In the context of an app-building skill, this normalizes premature exposure of incomplete applications and can lead to accidental publication of unsafe features, debug endpoints, or improperly configured infrastructure.
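Both 'Missing User Warnings' findings and the overview ask for the same control: an explicit consent gate in front of the deploy step. The block below is an added example, hypothetical and not the skill's own code. It records approval per item (the seven items named in the overview) and binds each approval to the value the user actually saw, so changing the target environment or payment mode invalidates the earlier approval; publicly exposed debug endpoints, unauthenticated public deployments and test data aimed at production are hard blockers that approvals cannot override. Field names, the blocker rules and the sample plans are assumptions.

```python
"""Added example (hypothetical, not the skill's code): a consent gate that
must pass before the agent's deploy step may run."""
from dataclasses import dataclass, field, replace

# Items the user must approve by name, following this report's overview.
APPROVAL_ITEMS = ("environment", "public_exposure", "costs", "secrets",
                  "authentication", "payment_settings", "data_sources")
_UNSET = object()

@dataclass
class DeployPlan:
    environment: str                 # "preview", "staging", "production", ...
    public: bool                     # reachable from the public internet?
    monthly_cost_estimate: float
    secrets: list                    # secret names only, never values
    auth_enabled: bool
    payment_mode: str                # "none", "test" or "live"
    data_sources: list
    debug_endpoints: list = field(default_factory=list)
    uses_test_data: bool = False

@dataclass
class GateResult:
    allowed: bool
    missing_approvals: list
    blockers: list
    warnings: list

def plan_values(plan):
    """What the user is shown and approves, keyed by item. Approval is bound to
    these exact values, so editing the plan afterwards invalidates it."""
    return {"environment": plan.environment,
            "public_exposure": plan.public,
            "costs": round(plan.monthly_cost_estimate, 2),
            "secrets": tuple(sorted(plan.secrets)),
            "authentication": plan.auth_enabled,
            "payment_settings": plan.payment_mode,
            "data_sources": tuple(sorted(plan.data_sources))}

def consent_gate(plan, approvals):
    """approvals maps an item name to the value the user explicitly approved."""
    current = plan_values(plan)
    missing = [k for k in APPROVAL_ITEMS if approvals.get(k, _UNSET) != current[k]]
    blockers, warnings = [], []
    # Conditions the findings warn about; these cannot be approved away.
    if plan.public and plan.debug_endpoints:
        blockers.append(f"debug endpoints exposed publicly: {plan.debug_endpoints}")
    elif plan.debug_endpoints:
        warnings.append(f"debug endpoints present: {plan.debug_endpoints}")
    if plan.public and not plan.auth_enabled:
        blockers.append("public deployment without authentication")
    if plan.payment_mode == "live" and plan.environment != "production":
        blockers.append("live payment mode outside production")
    if plan.uses_test_data and plan.environment == "production":
        blockers.append("test data targeted at production")
    if plan.public and plan.environment != "production":
        warnings.append("non-production environment exposed publicly")
    if plan.monthly_cost_estimate > 0:
        warnings.append(f"estimated cost ${plan.monthly_cost_estimate:.2f}/month")
    return GateResult(not missing and not blockers, missing, blockers, warnings)

def deploy(plan, approvals, do_deploy):
    """The only path to a real deploy: do_deploy runs solely on a clean gate."""
    result = consent_gate(plan, approvals)
    return result, (do_deploy(plan) if result.allowed else None)

# Constructed sample plans (not from the page).
PREVIEW = DeployPlan(environment="preview", public=False, monthly_cost_estimate=0.0,
                     secrets=["DATABASE_URL", "SESSION_KEY"], auth_enabled=False,
                     payment_mode="test", data_sources=["sqlite:dev.db"],
                     debug_endpoints=["/debug/routes"], uses_test_data=True)
# "Deploy early": the same build pushed to production, still carrying the
# preview's debug endpoint, test data and missing authentication.
PRODUCTION = replace(PREVIEW, environment="production", public=True,
                     monthly_cost_estimate=42.0, payment_mode="live",
                     data_sources=["postgres://prod-db/app"])
HARDENED = replace(PRODUCTION, debug_endpoints=[], auth_enabled=True,
                   uses_test_data=False)

if __name__ == "__main__":
    fake_deploy = lambda p: f"https://{p.environment}.example.invalid"
    for label, plan, approvals in [
            ("preview, nothing approved", PREVIEW, {}),
            ("preview, approved as shown", PREVIEW, plan_values(PREVIEW)),
            ("production, stale preview approvals", PRODUCTION, plan_values(PREVIEW)),
            ("production, approved but unsafe", PRODUCTION, plan_values(PRODUCTION)),
            ("hardened production, approved", HARDENED, plan_values(HARDENED))]:
        result, url = deploy(plan, approvals, fake_deploy)
        print(f"{label}: allowed={result.allowed} url={url}")
        for item in ([f"needs approval: {m}" for m in result.missing_approvals]
                     + result.blockers + result.warnings):
            print(f"    {item}")
```

The private preview passes once the user has approved exactly what was shown, including the debug endpoint as a warning. Re-targeting that same build at production with the old approvals fails twice over: five approvals go stale because their values changed, and three blockers fire that no approval can clear. Only the hardened plan, approved on its own values, reaches do_deploy.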

VirusTotal

63/63 vendors reported this skill as clean (no detections). This is a file-level antivirus scan: it catches known malware signatures, not the trigger-scope, prompt-injection or consent issues described in the SkillSpector findings above, which a signature scanner cannot see.
