Create Aptos Project

Security checks across malware telemetry and agentic risk

Overview

This Aptos scaffolding skill is not malicious, but it gives an agent broad routing and follow-on workflow instructions that can go beyond simply creating a project.

Install only if you want an agent to scaffold Aptos projects. Confirm the exact project name, framework, network, and whether to stop after scaffolding; require explicit approval before deployment or mainnet use. Treat any Geomi API key and generated .env values as sensitive, and consider pinning or reviewing the npx package before execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

High
Confidence: 94%
Finding
The trigger list is extremely broad and includes generic phrases like 'create app', 'new project', and 'help me build', which can cause the skill to activate for many unrelated requests. In an agent setting, over-broad activation can steer users into unnecessary command execution and scaffold workflows they did not explicitly request, increasing the chance of unintended side effects.

Vague Triggers

High
Confidence: 97%
Finding
Declaring this skill the 'mandatory first step' for any new Aptos app regardless of phrasing creates an overly aggressive activation policy that overrides normal intent matching and user choice. This can force execution of package-scaffolding commands even when the user may only want planning, advice, or a manual setup, making the agent easier to manipulate into unnecessary actions.

Vague Triggers

Medium
Confidence: 89%
Finding
The workflow section repeats that the skill should always apply 'regardless of how the user phrases it,' reinforcing ambiguous routing and broad auto-invocation. Repetition across the workflow increases the likelihood that an orchestrator or downstream agent will treat this as a hard routing rule, causing inappropriate activation across a wide range of benign build-related requests.

VirusTotal

62/62 vendors flagged this skill as clean.
