CoolSkill Builder

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent skill-building tool, but it can automatically create local registry files and push generated content to GitHub when credentials are present, with broad activation and no clear confirmation gate.

Install only if you intend to use an agent-assisted skill generator that can write local registry files and potentially push generated artifacts to GitHub. Before use, keep GITHUB_TOKEN and GITHUB_REPO unset unless you explicitly want remote sync, review generated files before registration or publishing, and treat the HTTP example as unsafe outside trusted local networks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

High
Confidence: 93%
Finding
The trigger conditions are extremely broad and would match many ordinary requests involving tools, code, APIs, packaging, or agent functions. Over-broad activation increases the chance that the skill runs in contexts where the user did not intend file creation, registry changes, or external synchronization, making unsafe behavior much more likely.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs writing into a registry and optionally pushing generated files to GitHub, but it does not require a clear user-facing warning or explicit consent before modifying local files or transmitting data externally. In agent settings, silent persistence and exfiltration to third-party services are meaningful security and privacy risks.

Missing User Warnings

Medium
Confidence: 96%
Finding
The HTTP example uses plaintext http:// for skill invocation without any warning about confidentiality or integrity risks. In the context of an agent skill builder, this is more dangerous because generated skills may process prompts, API inputs, tokens, or other sensitive data that could be intercepted or modified in transit.

Missing User Warnings

Medium
Confidence: 89%
Finding
The specification instructs the agent to write into a local registry and optionally push content to GitHub, but it does not require explicit user confirmation, dry-run behavior, or clear disclosure of filesystem and remote side effects. In an agent skill that transforms arbitrary resources into generated artifacts, this increases the risk of unintended persistence, repository modification, or exfiltration of generated content to external systems.

VirusTotal

65/65 vendors flagged this skill as clean.
