Publish Agent Skill_Unlimited (发布智能体技能_无限)

Security checks across malware telemetry and agentic risk

Overview

This skill is meant to publish a local skill to ClawHub, but it gives the agent enough authority to delete a local backup file, drive the desktop file picker, accept a license, and publish publicly without a clear final confirmation step.

Use this only when you intentionally want the agent to publish a specific folder to ClawHub. Before running it, confirm the folder contents, the logged-in ClawHub account, the slug/display name, and the MIT-0 license choice. Be aware it may delete SKILL.md.bak and overwrite the clipboard while controlling the Windows file picker; require a final explicit approval before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 94%
Finding
The trigger phrases are broad enough to activate on common publishing-related requests, which can cause the skill to run in contexts the user did not explicitly intend. Because this skill performs browser automation and local file operations, overbroad invocation increases the chance of unintended actions on the user's system or account.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill instructs unconditional deletion of a local file (SKILL.md.bak) with force and silent error handling, but does not require explicit user confirmation or explain the data-loss risk at the point of action. Even if the target file seems low-value, silent deletion of local files is a hazardous side effect and can normalize unsafe behavior in automation flows.

VirusTotal

63/63 vendors flagged this skill as clean.