ClawHub

Ghosted Skill

Security checks across malware telemetry and agentic risk

Overview

The coaching skill itself is low-risk, but it includes a release script that can push Git changes and publish the package under the wrong ReplyHer skill identity.

Installing the skill for conversational coaching appears low risk, but maintainers should not run `publish.sh` unless they intentionally want to push the current Git repository and publish to the ReplyHer ClawHub slug. The publisher should fix or remove that script and clarify activation scope before this is treated as fully clean.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The publish script is for the 'ghosted' skill, but it publishes using the slug and repository URLs for a different skill identity ('replyher'). This creates a real supply-chain/integrity risk: a maintainer could accidentally publish Ghosted content into the wrong marketplace entry or push updates under the wrong brand, causing cross-skill contamination, unauthorized overwrites, or user confusion about what code they are installing.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The README states that the skill 'activates automatically when you need it' without defining clear trigger conditions or scope. In agent ecosystems, vague auto-activation language can lead to unintended invocation on unrelated user conversations, causing unnecessary exposure of sensitive relationship context and unexpected behavioral influence.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal