ClawHub

SkillMe

Security checks across malware telemetry and agentic risk

Overview

SkillMe is a real skill-search and installer helper, but it can install persistent third-party agent instructions and has under-scoped command and helper-path risks that should be reviewed first.

Review before installing. Prefer workspace installs over global installs, inspect any third-party SKILL.md before enabling it, avoid shell metacharacters in search queries, and verify the converter path points to this skill's own reviewed script rather than an unrelated local file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill instructs the agent to perform networked searches and install/convert skills, including writing files to local skill directories, but it declares no permissions. That mismatch weakens governance and user awareness, making it easier for the skill to perform sensitive actions without explicit review or consent boundaries.

Vague Triggers

High
Confidence
95% confidence
Finding
The trigger phrases are extremely broad, including generic prompts like 'can you do X' and 'extend your capabilities,' which can cause the skill to activate in many unrelated contexts. Because this skill can search external registries and guide installation of external content, over-triggering increases the chance of unprompted network activity, risky recommendations, or accidental installation workflows.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill provides copyable commands that install external skills and convert third-party content into local executable skill files, but it does not prominently warn users about the risks of running untrusted registry results or GitHub-hosted skill content. In this context, that omission is dangerous because the entire purpose of the skill is to acquire and materialize external artifacts into trusted local skill locations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal