council

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent multi-perspective debate helper, but users should know it can spawn multiple agent sessions and leave temporary checkpoint files.

Install this if you want structured multi-perspective analysis. Prefer explicit invocations such as "run council" to avoid accidental activation, expect higher compute/tool use for full councils, and avoid sending highly sensitive topics unless you are comfortable with temporary local checkpoint files and multiple sub-agent contexts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Severity: Low
Confidence: 85%
Finding
The implementation recommends storing a checkpoint file containing topic, round progress, transcript fragments, persona list, and model history, but does not mention user notice, data minimization, retention limits, or access controls. In a multi-agent debate skill, these fields can capture sensitive business plans, customer issues, operational details, or internal strategy, so silent persistence creates unnecessary privacy and data-handling risk.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The trigger phrase at this location is broad enough to overlap with ordinary user requests for multiple perspectives, which can cause unintended activation of the skill. In an agent environment, this may unexpectedly spawn multiple sub-agents, increase token/tool usage, and route user input into a more powerful execution pattern than intended.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
This trigger is too vague to reliably distinguish intentional skill invocation from normal conversation, increasing the risk of accidental activation. Because this skill is designed to orchestrate isolated sub-agents and aggregate their output, misfires can amplify cost, complexity, and exposure of user content across multiple agent contexts.

Missing User Warnings

Severity: Low
Confidence: 90%
Finding
The skill explicitly instructs storing council checkpoint data in /tmp, which creates local persistence of operational context without any user-facing disclosure or retention controls. While the stored fields are not inherently secrets, topics, domains, persona packs, transcript references, and error details may contain sensitive business or user data, and /tmp is commonly shared, ephemeral, or insufficiently access-controlled across environments.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The trigger phrase "multiple perspectives" is broad and likely to appear in ordinary user requests unrelated to this skill, which can cause unintended activation. In this skill's context, unintended activation is more concerning because the skill requires multi-session tools and can spawn sub-agent sessions and send messages across them, potentially increasing cost, complexity, and exposure of user content to unnecessary agent orchestration.

Vague Triggers

Severity: Low
Confidence: 82%
Finding
The trigger phrase "stress test this plan" is somewhat ambiguous and overlaps with common planning or brainstorming language, so the skill may activate when a user did not intend to invoke a multi-agent council. Because this skill is designed for broad topic coverage and uses session management tools, accidental activation can lead to unnecessary tool use and expanded handling of user inputs.

VirusTotal

65/65 vendors flagged this skill as clean.