Clawhub Ai Shifu Course Creator

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This looks like a legitimate AI-Shifu course tool, but it can publish, overwrite, delete, archive, and query sensitive learner/order analytics using a login token stored on disk, and its documentation gives too little confirmation guidance for those actions.

Install only if you intend to let the agent manage real AI-Shifu courses and analytics. Treat publish/import/delete/archive as production-impacting actions, review course IDs and generated content before running them, and protect or rotate the saved .env token if the workspace is shared.

SkillSpector (8 findings)

By NVIDIA

Vague Triggers

Severity: High. Confidence: 93%.

Finding: The trigger description is extremely broad and can activate on generic course-authoring, deployment, analytics, and learner-progress terms, increasing the chance the skill is invoked outside the user's intended context. In this skill, broad invocation is more dangerous because the skill can perform high-impact actions and access sensitive operational or learner data once engaged.

Missing User Warnings

Severity: Medium. Confidence: 91%.

Finding: The skill advertises deployment, publish, delete, archive, and learner analytics capabilities without an upfront warning that these actions may modify live courses or expose access to sensitive learner data. This is risky because users may invoke the skill for routine authoring and unintentionally enter flows with destructive consequences or privacy implications.

Missing User Warnings

Severity: Medium. Confidence: 87%.

Finding: The document enumerates commands such as import, publish, delete-lesson, archive, and overwrite flows without pairing them with explicit cautions about irreversible or production-impacting effects. In a skill that manages live courses, this increases the chance that an agent or user will perform destructive operations on existing content or publish unfinished material, because the documentation presents these actions as routine workflow steps.

Missing User Warnings

Severity: Medium. Confidence: 92%.

Finding: The example gives direct `import` and `publish` commands that change real platform state and make a course live, but it does not warn the operator that these actions are externally side-effecting and potentially irreversible. In an agent-skill context, this is risky because an agent or user may follow the example verbatim and unintentionally publish content, exposing unfinished or sensitive material to learners.

Natural-Language Policy Violations

Severity: Medium. Confidence: 90%.

Finding: The example course prompt explicitly hard-codes 'English (en-US)' even though the document states earlier that output language should follow the language-resolution contract. In a multilingual course-authoring skill, this can override user intent and cause generated course content to appear in the wrong language, creating integrity and usability issues and potentially propagating incorrect locale-specific content into deployed courses.

Missing User Warnings

Severity: Medium. Confidence: 88%.

Finding: The documentation explicitly states that authentication tokens persist in `{skillDir}/.env` for subsequent commands, but it does not warn that these are bearer credentials that can grant account access if copied, logged, or committed to source control. In an agent skill context, local workspace files are often accessible to other tools, sessions, or users, which increases the chance of inadvertent credential exposure.
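A check that operationalizes this finding, added here as an example and not part of the skill or this report: it audits the persisted `.env` file for the two exposure paths the finding names, other users on the host (file mode) and version control (a checkout that does not ignore the file). The `{skillDir}/.env` location comes from the finding; the simplified `.gitignore` matching, the `--course`-free layout and the constructed scenario in `self_check` are assumptions. Passing these checks does not replace rotating the token after any suspected exposure.

```python
"""Audit a skill's persisted credential file for exposure (added example)."""
import os
import stat
import tempfile
from pathlib import Path


def _git_root(start: Path):
    """Nearest ancestor containing .git, or None (assumes .env may live inside a checkout)."""
    for parent in [start, *start.parents]:
        if (parent / ".git").exists():
            return parent
    return None


def _gitignored(repo: Path, rel: str) -> bool:
    """Simplified .gitignore check: exact path, bare file name, or *.env patterns only.

    Real gitignore semantics (negation, directory rules) are wider; this is an assumption
    that errs towards reporting a problem.
    """
    ignore = repo / ".gitignore"
    if not ignore.is_file():
        return False
    wanted = {rel, "/" + rel, Path(rel).name, "*.env", "**/.env"}
    lines = {ln.strip() for ln in ignore.read_text().splitlines()
             if ln.strip() and not ln.lstrip().startswith("#")}
    return bool(wanted & lines)


def audit_env_file(env_path) -> list:
    """Return a list of problems; an empty list means the basic checks pass."""
    path = Path(env_path)
    problems = []
    if not path.is_file():
        return [f"{path}: missing (nothing to protect, or token stored elsewhere)"]
    if path.is_symlink():
        problems.append(f"{path}: is a symlink; the target file's permissions apply")
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & 0o077:  # any group/other bit set
        problems.append(f"{path}: mode {mode:04o} readable by group/others; want 0600")
    repo = _git_root(path.resolve().parent)
    if repo is not None:
        rel = str(path.resolve().relative_to(repo))
        if not _gitignored(repo, rel):
            problems.append(f"{path}: inside git checkout {repo} and not ignored; "
                            "a commit would publish the token")
    # The variable name the skill uses is not known here, so any KEY=VALUE line counts.
    secrets = [ln for ln in path.read_text().splitlines()
               if "=" in ln and not ln.lstrip().startswith("#")]
    if not secrets:
        problems.append(f"{path}: no KEY=VALUE lines; token may be stored under another path")
    return problems


def harden_env_file(env_path) -> None:
    """Owner-only permissions. Does not rotate the token; do that at the provider."""
    os.chmod(env_path, 0o600)


def self_check():
    """Constructed scenario: a world-readable .env inside a checkout with no .gitignore.

    Returns (problems_before, problems_after) so the effect of hardening is visible.
    """
    root = Path(tempfile.mkdtemp())
    (root / ".git").mkdir()                      # pretend this is a git checkout
    env = root / "skill" / ".env"
    env.parent.mkdir()
    env.write_text("TOKEN=constructed-example-value\n")  # constructed, not a real credential
    os.chmod(env, 0o644)
    before = audit_env_file(env)
    harden_env_file(env)
    (root / ".gitignore").write_text("# secrets\n.env\n")
    after = audit_env_file(env)
    return before, after


if __name__ == "__main__":
    for line in self_check()[0]:
        print(line)
```

Run it against the real skill directory with `audit_env_file(Path(skill_dir) / ".env")`; if anything is reported, fix the cause and then rotate the token, since a readable file may already have been copied.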

Missing User Warnings

Severity: Medium. Confidence: 80%.

Finding: The reference documents state-changing and destructive operations such as `publish`, `archive`, `unarchive`, and `delete-lesson` without any caution about irreversible or user-visible effects. In an autonomous or semi-autonomous agent workflow, this can lead to accidental production changes or content loss if the model executes commands too eagerly.
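The four Missing User Warnings findings above share one remedy: classify each command by its side effect and refuse to run state-changing ones until the operator confirms the exact command and course. The following gate is an added example and not the skill's own code. The command names (`import`, `publish`, `archive`, `unarchive`, `delete-lesson`, analytics queries) follow the findings; the `--course` flag, the read-only `list` command, the split between reversible and irreversible writes, and the confirmation-token format are assumptions.

```python
"""Confirmation gate for production-impacting course commands (added example)."""
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Risk(Enum):
    READ = "read"                    # no platform state changes
    SENSITIVE_READ = "sensitive"     # returns learner/order data
    REVERSIBLE_WRITE = "write"       # changes live state but can be undone
    IRREVERSIBLE_WRITE = "destroy"   # content loss or immediate learner exposure


# Assumed classification of the commands the report names. Anything not listed is
# refused rather than guessed at (fail closed).
COMMAND_RISK = {
    "list": Risk.READ,
    "analytics": Risk.SENSITIVE_READ,
    "import": Risk.REVERSIBLE_WRITE,      # assumed: overwrites a draft, not live content
    "archive": Risk.REVERSIBLE_WRITE,
    "unarchive": Risk.REVERSIBLE_WRITE,
    "publish": Risk.IRREVERSIBLE_WRITE,   # learners can see the result immediately
    "delete-lesson": Risk.IRREVERSIBLE_WRITE,
}

WRITES = {Risk.REVERSIBLE_WRITE, Risk.IRREVERSIBLE_WRITE}

WARNINGS = {
    Risk.SENSITIVE_READ: "returns learner/order data; treat the output as personal data",
    Risk.REVERSIBLE_WRITE: "changes a live course; you may need to undo it",
    Risk.IRREVERSIBLE_WRITE: "cannot be undone and may be visible to learners at once",
}


@dataclass(frozen=True)
class Decision:
    action: str            # "run", "confirm" or "refuse"
    risk: Optional[Risk]
    token: Optional[str]   # what the operator must echo back to proceed
    message: str


def course_id(args) -> Optional[str]:
    """Value following --course (assumed flag name), or None."""
    for i, arg in enumerate(args):
        if arg == "--course" and i + 1 < len(args):
            return args[i + 1]
    return None


def confirmation_token(command: str, course: str) -> str:
    # Bind the confirmation to the exact command and course so a "yes" given for one
    # course cannot be replayed against another, and a publish "yes" cannot cover a delete.
    return f"{command}:{course}"


def plan_action(argv, confirmed=frozenset(), dry_run=False) -> Decision:
    """Decide whether argv may run now, needs confirmation, or must be refused."""
    if not argv:
        return Decision("refuse", None, None, "no command given")
    command, *rest = argv
    risk = COMMAND_RISK.get(command)
    if risk is None:
        return Decision("refuse", None, None, f"unknown command {command!r}; refusing to guess")
    if risk is Risk.READ:
        return Decision("run", risk, None, f"{command}: read-only")
    course = course_id(rest)
    if risk in WRITES and course is None:
        return Decision("refuse", risk, None, f"{command}: refusing without an explicit --course id")
    if dry_run:
        return Decision("run", risk, None, f"{command}: dry run, no platform state changed")
    token = confirmation_token(command, course or "*")
    if token in confirmed:
        return Decision("run", risk, token, f"{command} on {course or '(all)'}: confirmed")
    return Decision(
        "confirm", risk, token,
        f"{command} on {course or '(all)'}: {WARNINGS[risk]}. "
        f"Re-run with confirmation {token!r} to proceed.",
    )


if __name__ == "__main__":
    first = plan_action(["publish", "--course", "c-42"])
    print(first.message)
    print(plan_action(["publish", "--course", "c-42"], confirmed={first.token}).message)
```

Used as a wrapper in front of the real CLI, the gate turns the example's bare `import`/`publish` sequence into two steps: the first call returns a warning and a token tied to that course, and only a second call carrying that token executes. A dry run is available for reviewing generated content before anything goes live.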

Natural-Language Policy Violations

Severity: Medium. Confidence: 94%.

Finding: The contract hard-codes `zh-CN` as the default fallback language when no stronger signal is present. In a course-generation and deployment skill, this can cause unintended language output, mislocalized instructional content, and downstream publication errors when users did not request Chinese. The issue is more significant here because the skill can generate learner-facing and deployable artifacts, so a silent fallback may affect live courses and analytics workflows rather than just an internal draft.
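Both Natural-Language Policy Violations findings (the `en-US` hard-coded in the example prompt and the silent `zh-CN` fallback) come down to how a language-resolution contract should behave: apply the strongest signal, never fall back silently, and flag a prompt whose hard-coded locale disagrees with the resolution. The resolver below is an added example and not the skill's own contract. The signal order (explicit user request, then course metadata, then operator profile) and the locale-tag shape are assumptions; the page only says a contract exists and that its fallback is `zh-CN`.

```python
"""Language resolution with an explicit, surfaced fallback (added example)."""
import re
from dataclasses import dataclass
from typing import Optional

# Tags such as en-US or zh-CN; the two-letter/two-letter shape is an assumption.
LOCALE_TAG = re.compile(r"\b([a-z]{2}-[A-Z]{2})\b")

# Strongest signal first (assumed ordering).
SIGNAL_ORDER = ("user_request", "course_metadata", "profile")


@dataclass(frozen=True)
class Resolution:
    language: Optional[str]   # None means: stop and ask before generating
    source: str               # signal that decided, or "fallback" / "unresolved"
    note: str


def resolve_language(signals: dict, fallback: Optional[str] = None) -> Resolution:
    """Pick the strongest present signal; fall back only when the caller opted in."""
    for source in SIGNAL_ORDER:
        value = signals.get(source)
        if value:
            return Resolution(value, source, f"taken from {source}")
    if fallback is None:
        return Resolution(None, "unresolved", "no language signal; ask the user before generating")
    # The fallback is a decision the operator made, and the result says so explicitly
    # instead of letting a built-in default such as zh-CN apply unnoticed.
    return Resolution(fallback, "fallback", f"no language signal; using caller-supplied fallback {fallback}")


def prompt_locale_conflicts(prompt: str, resolved: Resolution) -> list:
    """Locale tags hard-coded in a prompt that disagree with the resolution.

    When nothing was resolved, every hard-coded tag is a conflict: the prompt would be
    deciding the language before the contract did.
    """
    tags = set(LOCALE_TAG.findall(prompt))
    if resolved.language is None:
        return sorted(tags)
    return sorted(tag for tag in tags if tag != resolved.language)


if __name__ == "__main__":
    prompt = "Create a 6-lesson course; output language English (en-US)."  # constructed prompt
    res = resolve_language({"course_metadata": "zh-CN"})
    print(res, prompt_locale_conflicts(prompt, res))
```

In practice the agent would run `prompt_locale_conflicts` over the course prompt before generation and stop on a non-empty result, which is exactly the case the first finding describes: a prompt saying `en-US` while the contract has resolved something else.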

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.
