ClawHub

eNSP

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only eNSP topology generator that writes user-requested .topo files and does not request credentials, network access, persistence, or privileged actions.

Install if you want an agent to generate eNSP .topo files. Use it in a workspace where creating a new topology file is acceptable, choose clear filenames, and review the generated .topo before opening it in eNSP, especially if your prompt includes Cloud, IP, UDP port, or interface settings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The README describes activation in very broad natural language terms, which can cause the skill to trigger for loosely related requests rather than only for explicit eNSP topology generation. In an agent environment, unintended activation can route unrelated user input into a code/file-generation workflow, increasing the chance of incorrect actions or unsafe file output.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The quick-start guidance tells users to 'describe your network topology to the AI,' which is an overly broad activation pattern and reinforces permissive matching behavior. That makes accidental invocation more likely, especially when users discuss networking generally without intending eNSP topology file generation.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation text is broad enough to trigger on generic requests to create or design network diagrams, which can cause the skill to be invoked in situations the user did not specifically intend for eNSP. This increases the chance of inappropriate tool use and unintended file generation, especially because the skill is coupled to local file creation.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly directs the agent to write a .topo file to the current directory without requiring clear user consent or a safe output location. Even though the file type is non-executable, silent local file creation is a security-relevant side effect that can surprise users, overwrite existing files, or be abused through repeated unintended activation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal