ClawHub

My Skills index wiki page

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only index generator that reads skill documentation and writes a disclosed SKILLS_INDEX.md file.

Install this only if you want an agent to read local skill README/SKILL files and produce an index. Prefer scanning a specific directory instead of all global agent skill paths, back up or review any existing SKILLS_INDEX.md before updating it, and do not share the generated index unless you are comfortable exposing the listed local skills and links.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs the agent to create or modify `SKILLS_INDEX.md` on disk without requiring an explicit user confirmation at write time. In an agent setting, silent filesystem writes can surprise users, overwrite curated content, or be chained with untrusted repository content to persist misleading or attacker-influenced index data.

Ssd 1

Medium
Confidence
82% confidence
Finding
The instruction to ignore guidance from another skill and follow this document instead is a form of instruction-priority manipulation inside untrusted content. Even though it appears operational rather than overtly malicious, such language normalizes bypassing higher-level orchestration or safety logic and can interfere with secure skill composition.

Session Persistence

Medium
Category
Rogue Agent
Content
---
name: skills-index-generator
description: |
  Create Skills index wiki in case when many Skill files are installed, it’s easy to forget what they do or confuse them.
  Scan the Skills projects under a specified directory and generate a `SKILLS_INDEX.md` index file.
  Use this when the user needs to:
  - "generate a skills index", "create a skill index file", "organize the skill directory"
Confidence
75% confidence
Finding
Create Skills index wiki in case when many Skill files are installed, it’s easy to forget what they do or confuse them. Scan the Skills projects under a specified directory and generate a `SKILLS_IN

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal