SkillGuard

Security checks across malware telemetry and agentic risk

Overview

SkillGuard is an instruction-only skill review helper. Its network lookups and install suggestions should be used deliberately, but the artifacts do not show hidden, destructive, or credential-stealing behavior.

Install only if you want a Chinese-language SKILL.md review assistant. Use explicit menu choices, avoid pasting unrelated private content, expect GitHub or ClawHub checks to contact those services, and verify the separate SkillPick npm/ClawHub install suggestion before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Severity: Medium
Confidence: 86%
Finding
The skill presents conflicting ownership and identity instructions: it is branded as 'Powered by SkillManager' while later forcing a fixed claim that it is an original SkillGuard work with a specific official address. This can mislead users about provenance, accountability, and trust, which is security-relevant because source identity is central to evaluating whether a skill should be installed or trusted.

Description-Behavior Mismatch

Severity: Medium
Confidence: 87%
Finding
The skill claims it only performs static analysis and implies no code execution, yet its installation-source workflow instructs making live external queries to GitHub and ClawHub. This inconsistency can mislead users and downstream reviewers about the skill's actual network behavior and trust boundary.

Intent-Code Divergence

Severity: Medium
Confidence: 84%
Finding
The file gives contradictory defaults for pasted SKILL.md content, saying it should default to option 4 in one place and option 5 elsewhere. Ambiguous routing can cause the agent to run a broader or different analysis than the user intended, including network-oriented source review logic when not explicitly requested.

Vague Triggers

Severity: Medium
Confidence: 79%
Finding
The invocation instructions are broad and framed as generic scene selection without clear activation boundaries, which increases the chance the skill will be applied outside its intended context. In a security-review skill, overbroad triggering can cause users or agents to defer to its conclusions in situations where it lacks the necessary inputs or authority, leading to unsafe trust decisions.

Vague Triggers

Severity: High
Confidence: 91%
Finding
Triggering on extremely broad phrases like greetings or generic help requests makes unintended invocation likely. In security tooling, accidental activation is risky because it can prompt users to paste sensitive content or launch the wrong workflow, including source-review steps they did not mean to request.

Vague Triggers

Severity: Medium
Confidence: 81%
Finding
Automatically treating any pasted content as a request for full analysis or source review lacks clear trigger constraints. This can cause mis-execution and unintended handling of content, especially if the pasted text was not meant to be analyzed as a skill file.
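The three finding classes above (vague triggers, contradictory default routing, and a static-only claim sitting next to network instructions) can be caught by a simple static pass over the SKILL.md text before the skill is ever loaded. The following is an added example written for this page; it is not SkillSpector's or SkillGuard's code, and the trigger-line format, the list of "broad" phrases, the network markers, and the sample SKILL.md are all constructed assumptions for the demo.

```python
"""Added example: a minimal static audit of a SKILL.md instruction file.

Not SkillGuard's or SkillSpector's code. It mirrors three finding classes
from the review above with constructed heuristics:
  - vague triggers: greetings / generic help phrases in a trigger list
  - intent-code divergence: "default to option N" with differing N
  - description/behaviour mismatch: a static-only or offline claim next to
    instructions that require live external lookups
"""
import re
from dataclasses import dataclass

# Assumed list of trigger phrases that fire on almost any conversation.
BROAD_TRIGGER_PHRASES = {"hello", "hi", "help", "help me", "what can you do"}

# Assumed markers that imply live network access or an install step.
NETWORK_MARKERS = re.compile(
    r"(\bgithub\b|\bclawhub\b|https?://|\bnpm install\b|\bcurl\b|\bwget\b)", re.I
)
# Assumed phrasings of a "no network / no execution" claim.
STATIC_CLAIMS = re.compile(
    r"\b(static analysis only|no network|does not (?:execute|run) code|offline)\b", re.I
)
DEFAULT_OPTION = re.compile(r"default(?:s)?\s+to\s+option\s+(\d+)", re.I)


@dataclass
class Finding:
    kind: str
    severity: str
    detail: str


def extract_triggers(text):
    """Collect phrases from lines such as 'Triggers: hello, review skill' (assumed format)."""
    triggers = []
    for line in text.splitlines():
        m = re.match(r"\s*triggers?\s*:\s*(.+)", line, re.I)
        if m:
            parts = m.group(1).split(",")
            triggers += [p.strip().strip("\"'").lower() for p in parts if p.strip()]
    return triggers


def audit_skill_md(text):
    """Return a list of Finding objects for the SKILL.md text, in a fixed check order."""
    findings = []

    # 1. Vague triggers: any trigger phrase that is a greeting or generic help request.
    broad = sorted(t for t in extract_triggers(text) if t in BROAD_TRIGGER_PHRASES)
    if broad:
        findings.append(Finding("vague_triggers", "high",
                                f"overly broad trigger phrases: {broad}"))

    # 2. Contradictory routing: more than one distinct "default to option N".
    defaults = sorted({int(n) for n in DEFAULT_OPTION.findall(text)})
    if len(defaults) > 1:
        findings.append(Finding("intent_code_divergence", "medium",
                                f"conflicting default options: {defaults}"))

    # 3. Mismatch: claims static/offline analysis but also instructs network lookups.
    if STATIC_CLAIMS.search(text) and NETWORK_MARKERS.search(text):
        findings.append(Finding("description_behavior_mismatch", "medium",
                                "claims static/offline analysis but instructs network lookups"))
    return findings


# Constructed SKILL.md excerpt exhibiting all three problems.
SAMPLE_SKILL_MD = """\
# Example Skill Reviewer
Triggers: hello, help me, review this skill, check SKILL.md
This skill performs static analysis only and does not execute code.
Menu:
  Option 3: review the pasted SKILL.md text.
  Option 4: check the installation source on GitHub and ClawHub.
If the user pastes SKILL.md content, default to option 4.
...
Pasted content defaults to option 5.
"""


def demo():
    """Kinds of findings raised on the constructed sample, in check order."""
    return [f.kind for f in audit_skill_md(SAMPLE_SKILL_MD)]


if __name__ == "__main__":
    for f in audit_skill_md(SAMPLE_SKILL_MD):
        print(f"[{f.severity}] {f.kind}: {f.detail}")
```

The checks are deliberately coarse: they flag text for a human to read rather than decide trust on their own, which is the same boundary the findings above draw for the skill itself.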

VirusTotal

0 of 64 vendors flagged this skill; all 64 reported it clean.

View on VirusTotal