ClawHub

胡田 OPC导师 迭代训练

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it can broadly and semi-automatically rewrite other skills, so it should be reviewed before installation.

Install only if you want an agent to help revise other skills. Before use, restrict it to a named target skill, require approval before reading project-management files, and review diffs before any SKILL.md or reference document is changed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases include very generic terms such as “训练”, “练一下”, and “迭代”, which are common in normal conversation and can cause the skill to activate unintentionally. Because this skill can then read/write training artifacts and modify other skill files, accidental invocation can lead to unexpected workflow changes or file operations.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill allows activation from internal signals like weekly reports, low-usage detection, dissatisfaction, and quarterly rotation without a clear user-approved invocation boundary. This creates a risk of the agent initiating analysis or modification tasks autonomously, which is especially problematic because the skill later instructs updating SKILL.md and related files.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly directs the agent to update the target skill’s SKILL.md or reference documents, but the skill description does not clearly warn the user that it performs file modifications. Hidden or under-disclosed write behavior is dangerous because it can alter prompts, instructions, or project assets in ways the user did not knowingly authorize.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The skill reads project-management and tracking files, including call records and weekly reports, without any privacy, minimization, or consent guidance. While this is contextual to the training workflow, it still risks exposing operational metadata or user activity patterns beyond what is necessary for the immediate task.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal