3pass

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent critique helper, but it gives broad context and tool-use instructions without clear limits on what should be analyzed or accessed.

Install only if you are comfortable with a critique skill that may use conversation context and ask the agent to investigate with tools. Prefer invoking it with explicit target text, and review or constrain any proposed command, file read, or web search before allowing it to proceed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium (85% confidence)

Finding: The skill is described for use on "any claim, diagnosis, plan, or analysis," which creates a very broad activation scope. Broad scope increases the chance of invocation on ordinary conversational content, causing unintended processing of sensitive or irrelevant context and making the skill easier to trigger in situations the user did not clearly intend.

Vague Triggers

Medium (94% confidence)

Finding: The fallback instruction to analyze "the most recent substantive claim or analysis in the conversation" introduces ambiguous activation behavior and implicit context capture. This can cause the skill to act on content the user did not select, including prior sensitive messages, and may be exploitable through prompt injection planted earlier in the conversation.

Missing User Warnings

Medium (96% confidence)

Finding: The skill explicitly instructs the agent to "run the test" and use tools such as exec, web_search, and file-reading during refinement, but provides no safety boundaries for data access, command execution, or external communication. In practice, this can turn untrusted user-supplied text into a trigger for risky actions, including executing commands, reading unintended files, or leaking sensitive context to external services.

VirusTotal

61/61 vendors flagged this skill as clean.