ClawHub

skill-base-cli

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent CLI helper for Skill Base; it can install, update, publish, and configure skills, but those actions fit its stated purpose and are disclosed.

Install only if you intend to use the Skill Base CLI. Before running install, update, publish, import, or global npm commands, confirm the target skill, directory, account, and `SKB_BASE_URL`; treat login verification codes and any resulting tokens as sensitive and keep them in the local login flow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly tells assistants to perform actions by running terminal commands, and several documented commands (`install`, `update`, `publish`, and some `list` follow-up flows) can modify local files or configuration. Because the instructions do not require the assistant to warn the user before making filesystem changes, a user may not realize that executing the suggested command will alter installed skills, config state, or local directories.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The publish and GitHub import sections describe workflows that send skill contents or repository-derived data to a remote Skill Base server, but they do not instruct the assistant to obtain informed user consent or warn about data transmission. This is risky especially because `SKB_BASE_URL` may point to a private or non-default server, so local content could be uploaded to an unintended endpoint.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal