Back to skill

Security audit

Wuhao Writer - Popular Science

Security checks across malware telemetry and agentic risk

Overview

This is mostly a writing helper, but it includes optional third-party tool installation and automatic maintenance guidance that goes beyond normal article drafting.

Install only if you want a broad writing workflow, not just style prompts. Use the normal ClawHub or WorkBuddy install path, avoid the curl-to-bash command unless you independently inspect and trust it, and require explicit approval before invoking external research skills, syncing content to a knowledge base, or modifying local skill files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The skill expands from style guidance into installation and use of external tools, creating a supply-chain and trust-boundary problem not justified by a writing-style skill. Users may be nudged to install or invoke third-party components under the skill's authority, increasing the chance of unreviewed code execution or data exposure.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.