Auto Skill Installer

Security checks across malware telemetry and agentic risk

Overview

This is a transparent auto-installer for agent skills, with real persistence and third-party install risk that is disclosed and mostly gated by review steps.

Install this only if you want an agent to help add new skills to your environment. Before allowing an install, review the selected source, destination, and whether it is workspace-local or global, especially for GitHub, URL-based, third-party, or yes-flag installs.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Vague Triggers

Medium (88% confidence)
Finding
The trigger description is broad enough to activate on generic discussions about missing capabilities or task needs, which can cause the agent to enter a workflow that searches for and installs third-party skills with insufficient user intent confirmation. In a skill whose purpose is software acquisition, over-broad invocation materially increases the chance of unnecessary or risky install behavior.

Missing User Warnings

Medium (94% confidence)
Finding
The skill provides concrete commands for installing skills from registries, GitHub, URLs, and package tooling, but does not require a prominent upfront warning or explicit acknowledgment about third-party code, network access, and filesystem changes. Because this skill directly facilitates code acquisition and installation, missing consent and risk framing can lead to unsafe execution of untrusted content or unexpected system modifications.

Vague Triggers

Medium (92% confidence)
Finding
The default prompt is broadly phrased to automatically find and install skills for a user's task, which can cause the installer skill to activate on very common or ambiguous requests. In a skill whose purpose is discovery and installation of third-party capabilities, over-broad triggering increases the chance of unnecessary installs, unsafe delegation, or attacker-influenced skill selection from loosely related prompts.

VirusTotal

64/64 vendors flagged this skill as clean.
