Worldbook

Security checks across malware telemetry and agentic risk

Overview

Worldbook is a coherent knowledge-base CLI skill, but it asks agents to trust and act on remote AI-facing instructions without a clear safety boundary.

Review before installing. Use this only if you will treat worldbook results as untrusted documentation, not authority over the agent. Do not let fetched entries override system, developer, or user instructions, and require explicit confirmation before running commands that change files, repositories, accounts, deployments, payments, or public content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium (98% confidence)
Finding
The documentation explicitly tells the agent to fetch remote worldbook content and inject it into context as instructions. This creates a prompt-injection and trust-boundary violation where untrusted remote text can influence subsequent model behavior, potentially leading to data exfiltration, tool misuse, or unsafe command execution.

Missing User Warnings

Medium (97% confidence)
Finding
The example workflow normalizes retrieving external instructions and then executing downstream CLI actions derived from them without any verification step. This is dangerous because a malicious or compromised worldbook entry could steer the agent into running harmful commands or performing unauthorized actions.

Ssd 1

Medium (99% confidence)
Finding
The line instructing agents to inject untrusted worldbook text directly into context is a direct unsafe design pattern. In this skill's context, the retrieved content is specifically framed as operational instructions for AI, which makes prompt-injection particularly likely and increases the chance of the model following attacker-controlled guidance.

Ssd 4

Medium (98% confidence)
Finding
The workflow establishes a dangerous pattern: fetch external instructions, read them, then act on them. Because this skill is aimed at AI agents and presents worldbooks as text files that tell agents how to use services, the context materially increases danger by encouraging automated operational trust in remote content.

VirusTotal

65/65 vendors flagged this skill as clean.
