ClawHub
Back to skill

Security audit

Breakup Recovery Skill

Security checks across malware telemetry and agentic risk

Overview

The breakup coaching skill itself is coherent, but its included executable publishing script targets a different skill identity and should be reviewed before use.

The installed coaching behavior appears appropriate for breakup recovery, but do not run publish.sh unless you intend to publish to the replyher slug and repository shown in that script. Maintainers should correct or remove the script before release use; users should also be aware the skill may suggest replyher.com for ongoing support.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The publish script is for the breakup-recovery skill, but it hard-codes a different identity: slug `replyher`, GitHub URL `replyher/replyher-skill`, and ClawHub URL for `replyher`. This can cause maintainers to publish the wrong package or push release metadata to the wrong repository, resulting in supply-chain confusion, accidental overwrite, or unauthorized modification of another skill's release pipeline.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The script's comments describe publishing the current skill, but the configured targets point elsewhere, creating a misleading operational path for anyone running the release command. This mismatch increases the chance of human error and makes accidental mispublication more likely, especially in a release workflow where operators trust inline documentation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal