Auto Design Clawhub

Security checks across malware telemetry and agentic risk

Overview

This design helper is not clearly malicious, but it is always active, broadly triggered, and can fetch remote design files and write into projects without a clear confirmation gate.

Install only if you want an always-on design assistant influencing UI work. Use it in a branch or disposable workspace, disable automatic behavior if possible, and require explicit approval before any network download or file creation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: High
Confidence: 96%
Finding
The skill is marked `always: true`, which keeps it active regardless of user intent and materially increases the chance of accidental invocation. Combined with the generic triggers and autonomous behavior described in the findings below, the skill can influence unrelated tasks and steer an agent into making network requests or file modifications without sufficiently specific user consent.

Vague Triggers

Severity: High
Confidence: 94%
Finding
The trigger phrases and keyword list consist of extremely broad terms such as `design`, `style`, `component`, `improve`, and `page`, which commonly appear in ordinary development conversations. This makes unintended activation likely and allows the skill to inject its design-selection logic and downstream actions into tasks that did not clearly request this behavior.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The execution flow explicitly instructs the agent to fetch remote content with `curl` and then create or copy files into the project, but the skill provides no mandatory warning, approval step, integrity verification, or trust boundary for the downloaded material. This creates a supply-chain and unauthorized-modification risk, especially because, as noted above, activation is broad and automatic.

VirusTotal

65/65 vendors flagged this skill as clean.