Art Critique

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed art-critique note-taking workflow, with local session files as an expected part of its purpose and no evidence of hidden exfiltration or destructive behavior.

Install only if you are comfortable with the agent creating local art-critique session folders and keeping notes, copied work files, transcripts, or summaries in the working directory. Avoid using it on private or identifying media in shared or synced folders unless you plan to manage or delete those session files afterward.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
The skill grants Bash access even though its primary function is conversational critique and note-taking. Shell access materially expands the attack surface because any prompt injection in artwork, filenames, or referenced content could be turned into command execution, file exfiltration, or broader system interaction unrelated to the stated task.

Missing User Warnings

Medium
Confidence: 92%
Finding
The README states that each critique creates a session folder and preserves notes, but it does not prominently warn users that local files will be written and retained. Because users may share sensitive creative work, drafts, or personal narration, silent persistence can create confidentiality and privacy risk, especially on shared machines or synced workspaces.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly invites users to upload narrated videos and other rich media while also describing persistent critique notes elsewhere, but it does not provide a clear privacy warning tying those sensitive inputs to storage and retention. Voice narration, artwork, and personal context can contain identifying or confidential information, so users need explicit notice before submitting such material.

Vague Triggers

High
Confidence: 85%
Finding
The trigger phrases are broad and ambiguous, which increases the chance the skill activates in contexts where the user did not intend persistent critique workflows or file writes. In combination with powerful tools, overbroad activation can cause unintended access to user content and execution of side effects without clear consent.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill instructs automatic creation and updating of folders, notes, and an index on disk without requiring explicit user notice or consent. Silent persistence is risky because it can store sensitive user material, create an unexpected audit trail, and combine with broad triggers to write data locally when the user only expected conversation.

VirusTotal

64/64 vendors flagged this skill as clean.
