Security audit

Skill Safety Scanner

Security checks across malware telemetry and agentic risk

Overview

This is a transparent local scanner skill with optional, disclosed cleanup and scheduling steps that users should approve carefully.

Use this skill for local audits, but do not blindly run removal commands. Confirm the exact skill name and path before approving uninstall or rm -rf, and only add the cron schedule if you want recurring scans and scan summaries stored in memory.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill is presented as a local scanner/reporting tool, but it also documents destructive remediation actions that uninstall skills and recursively delete directories. Even though removal is framed as optional and confirmation-gated, this expands the skill's capability beyond passive auditing and can mislead users about its true operational scope.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
Automatic removal is not necessary to fulfill the stated purpose of a scanner and introduces unnecessary destructive capability. A skill that both detects and deletes creates a higher-risk workflow, especially if findings are noisy, manipulated, or misinterpreted.

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The text claims the skill does not modify files without explicit confirmation, yet elsewhere it includes uninstall and recursive delete commands that change system state. This inconsistency can cause users to underestimate risk and approve a skill under false assumptions about its behavior.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.destructive_delete_command

Documentation contains a destructive delete command without an explicit confirmation gate.

Warn
Code: suspicious.destructive_delete_command
Location: SKILL.md:75