Skill Factory

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it can change local skill files and publish externally while using very broad activation triggers that could route unrelated requests into a high-impact workflow.

Install only if you want an agent-assisted skill authoring and publishing workflow. Before using it, review any proposed edits to existing skills, require explicit confirmation before publishing to Xiaping, GitHub, or ClawHub, and consider narrowing the broad trigger terms so ordinary AI/tool requests do not invoke it accidentally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: High
Confidence: 90%

Finding
The trigger phrases are very broad, including common requests such as creating or installing a skill, which can cause the skill to activate in many ordinary conversations. In a skill that can modify local files and potentially publish externally, overbroad activation materially raises the risk of unintended execution and unauthorized changes.

Vague Triggers

Severity: High
Confidence: 93%

Finding
Platform trigger keywords like 'AI', '效率', and '工具' are too generic to safely gate a skill with write, shell, and publishing capabilities. Such loose activation conditions can cause accidental routing and increase the chance that unrelated prompts invoke privileged behavior.

Missing User Warnings

Severity: Medium
Confidence: 88%

Finding
The description emphasizes convenience and automation but does not clearly warn that the skill may modify local skill files and publish content to external platforms. Missing disclosure is dangerous because users may trigger the skill without understanding its side effects, especially when combined with broad triggers.

VirusTotal

61/61 vendors flagged this skill as clean.
