ClawHub 发布助手 (ClawHub Publishing Assistant)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed ClawHub publishing helper, with some trigger-word looseness but no hidden or unrelated behavior in the artifacts.

Install this only if you want an agent to help publish or update ClawHub skills. Before allowing any final publish command, confirm the logged-in ClawHub account, target directory, slug, display name, version, changelog, and tags.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 96%
Finding
The trigger examples include broad phrases such as “发布技能”, “上传技能”, and especially the English term “publish”, which can match common user intents without enough scoping to ClawHub or this specific skill. That increases the chance of accidental invocation of a skill that can execute shell commands and perform irreversible publication actions.

Vague Triggers

Medium
Confidence: 97%
Finding
The metadata.trigger field contains loosely bounded phrases, including generic words like “publish” and “上传技能”, which may over-match unrelated requests. In an agent environment, overly broad trigger routing is risky because this skill has ExecuteShellCommand privileges and can publish artifacts externally.

Vague Triggers

Medium
Confidence: 95%
Finding
The instruction to “immediately invoke this skill” based on fuzzy example phrases lacks exclusion criteria and encourages aggressive auto-activation. Because the skill can log in, inspect, and publish via shell commands, accidental routing could lead to unintended external actions or disclosure of local project metadata.

VirusTotal

66/66 vendors flagged this skill as clean.