CTF-SOLVER

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed CTF attack-helper skill, but it gives broad exploit and credential-capture instructions without clear authorization or containment limits.

Install only for authorized CTF or lab use. Run it in a disposable VM or container with no real credentials mounted, and require explicit approval before package installs, exploit execution, remote connections, extraction of untrusted files, or any webhook-based data capture.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • YARA Signatures: Malware Match, Webshell Match, Cryptominer Match
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill explicitly instructs the agent to execute shell commands, install packages, and run exploits as part of its normal workflow, without any safety gating, consent, or disclosure. In the context of a skill whose stated purpose is to seize flags 'at any cost,' this materially increases the chance of harmful command execution, environment modification, and misuse of offensive tooling.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill directs the agent to interact with external targets and search for writeups/PoCs without warning about privacy, authorization, or data exfiltration implications. Because the surrounding instructions frame unrestricted exploitation as the goal, these network actions are not neutral research steps but part of an offensive workflow that could target real systems or leak sensitive context.

Missing User Warnings

Low
Confidence: 84%
Finding
This section instructs the agent to install packages and run extraction/analysis tooling directly on the local system without any safety boundary, consent check, or warning about host modification. In an agent skill, these commands can cause persistent system changes, pull untrusted dependencies, and expand attacker-controlled files, increasing risk beyond passive analysis.

Missing User Warnings

Low
Confidence: 80%
Finding
The guidance recommends automatic extraction of nested content from untrusted files without warning that it will write attacker-controlled artifacts to disk. In an agent context, this can trigger unsafe file creation, decompression-bomb scenarios, or accidental handling of embedded malware outside a sandbox.

Missing User Warnings

High
Confidence: 99%
Finding
This section explicitly provides XSS payloads to steal administrator cookies or tokens and send them to third-party collection services such as webhook.site or Burp Collaborator. In the context of a skill whose stated goal is to seize flags through exploitation, this is operational guidance for credential/session exfiltration, not defensive education, making it clearly dangerous.

Missing User Warnings

Medium
Confidence: 96%
Finding
These sections describe high-impact exploitation techniques including LFI to read sensitive files, log poisoning to achieve RCE, PHP wrapper abuse, SSTI-to-RCE payloads, SSRF to internal services and cloud metadata, and deserialization gadget exploitation. The content is directly actionable and aimed at compromising targets to retrieve flags, which materially increases the likelihood of misuse.

Ssd 4

High
Confidence: 98%
Finding
The skill repeatedly frames success as obtaining the flag by any means necessary and normalizes unrestricted offensive activity as its core operating principle. This context makes the entire skill more dangerous because it encourages escalation, bypass of safety constraints, and application of attack tactics beyond benign CTF assistance into real-world misuse.

Ssd 1

High
Confidence: 97%
Finding
These instructions present tool use, deep analysis, and iterative debugging as ordinary operational guidance, but semantically steer the model toward exploit development and unrestricted harmful actions. In a CTF-specific skill, that might be acceptable only with strong containment and authorization checks; here, those safeguards are absent and the guidance is broad enough to facilitate real offensive behavior.

YARA rule 'exploit_framework': Exploit framework components and payloads [hacktools]

High
Category
YARA Match
Content
p = process('./binary')

# find the backdoor function
win_addr = elf.symbols['win']         # or
win_addr = elf.symbols['backdoor']
win_addr = next(elf.search(b'/bin/sh')) # find the string
Confidence: 99%
Finding
Matched strings: 'from pwn import' (5 matches); 'ROP(elf)' (2 matches)

VirusTotal

62/62 vendors flagged this skill as clean.