Notre Dame De Paris

Security checks across malware telemetry and agentic risk

Overview

This literary skill is mostly topical, but it includes hidden shell commands that could append to the installed skill file if executed.

Review before installing. The literary content is coherent, but the publisher should remove the shell commands from references/ref-01.md and narrow generic trigger terms. Do not copy or run the embedded echo commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

High
Confidence: 99%
Finding
The reference markdown contains shell commands that append content to a file in the user's home workspace, which is executable behavior masquerading as literary reference material. In a skill about a novel, there is no legitimate reason to include file-modifying commands, and if an agent or user copies or executes them, the skill can tamper with its own files or persist unauthorized changes.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
Embedded file-write capability is unjustified here because the skill's purpose is to provide background on Notre Dame de Paris, not to alter local files. This creates a hidden modification vector that could be abused for persistence, content poisoning, or staging additional instructions in the skill workspace.

Vague Triggers

Medium
Confidence: 94%
Finding
The trigger list is excessively broad for a literary skill, including generic terms like 'Paris,' 'medieval,' 'Gothic,' 'architecture,' and 'fate' that can appear in many unrelated conversations. This can cause unintended invocation, leading the assistant to inject off-topic guidance or override a more appropriate skill, which is a prompt-routing and reliability weakness even though the content itself is non-executable.

Missing User Warnings

Medium
Confidence: 95%
Finding
The markdown includes undisclosed shell commands that modify a file, so anyone treating the reference as trusted content may be exposed to unintended system changes. Even without direct execution by the platform, hiding operational commands inside prose is deceptive and increases the chance of accidental execution or downstream automation misuse.

VirusTotal

63/63 vendors flagged this skill as clean.
