
Security audit

Compiling Architecture

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a coherent architecture workflow, but it grants agents insufficiently scoped authority to change the architecture registry vocabulary, contradicting the read-only boundaries it establishes earlier.

Install only if you want this skill to guide both architecture compilation and limited compiler-registry maintenance. Before using the pattern-authoring path, require explicit human approval for any change under schemas/, especially capability-vocabulary.yaml, and review the separate arch-compiler repository before allowing its Python tools to run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Severity: Medium
Confidence: 89%

Finding: The skill's stated scope is architecture compilation/finalization, but it later expands agent authority into authoring new registry pattern files and even modifying capability vocabulary. This scope creep is dangerous because it lets a workflow intended to consume trusted configuration also mutate the rule set that determines future architectural outcomes, increasing the chance of unreviewed policy changes or poisoned pattern metadata.

Intent-Code Divergence

Severity: High
Confidence: 97%

Finding: The file first establishes `schemas/` as read-only for agents, then later instructs agents to update `schemas/capability-vocabulary.yaml`. Contradictory privilege boundaries are dangerous because an agent following the later instruction may alter schema-controlled trust anchors despite earlier guardrails, undermining repository integrity and making unauthorized metadata changes appear sanctioned.

VirusTotal

66/66 vendors flagged this skill as clean.
