Validate

Security checks across malware telemetry and agentic risk

Overview

The skill appears intended for legitimate startup validation, but it requests broad shell access and can write a PRD file without clear confirmation or overwrite safeguards.

Review this skill before installing if you use it in repositories with sensitive notes. It should be run only in the intended project workspace, with explicit confirmation before any shell command or file write, especially before creating or replacing docs/prd.md. Avoid putting confidential product names or sensitive idea details into web searches unless that disclosure is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium (82% confidence)
Finding
Granting Bash to a skill whose core task is analysis and document generation unnecessarily expands its execution capability beyond least privilege. In this context, the instructions also direct filesystem searching and fallback behaviors, so Bash could be used to run arbitrary shell commands, increasing the blast radius if the skill is prompt-injected via project content or if the model improvises unsafe command usage.

Vague Triggers

Medium (76% confidence)
Finding
The trigger phrases include broad natural-language prompts such as 'should I build this' and 'generate PRD,' which can cause accidental activation in ordinary conversation. Because this skill can perform external searches, ask follow-up questions, and write files, unintended invocation could lead to unexpected tool use or workspace modification without the user deliberately selecting this skill.

Missing User Warnings

Medium (95% confidence)
Finding
The skill explicitly instructs creation of docs/prd.md but does not require a user-facing warning or confirmation before writing, so it may overwrite or introduce project files unexpectedly. In a development workspace, silent writes can destroy existing content, create misleading artifacts, or be chained with broad triggers to cause unintended state changes.

VirusTotal

64/64 vendors flagged this skill as clean.
