Skill Finder (Find ClawHub skills + Search Skills.sh)

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it says, but its setup can persistently change agent routing outside the local folder it claims to stay within.

Review before installing. Keep setup limited to ~/skill-finder/ unless you explicitly want AGENTS.md or routing memory changed, and require confirmation before external searches or any skill installation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The setup claims that no data will be written outside `~/skill-finder/`, but later instructs modifying `AGENTS.md`, which is outside that declared workspace boundary. This creates a trust and integrity problem: a user may consent to a local-only setup while the skill silently changes broader agent behavior and persistence, potentially affecting future routing and loading decisions beyond this skill.

Intent-Code Divergence

High
Confidence: 99%
Finding
The documented boundary says to never write to global agent memory outside `~/skill-finder/`, yet the setup directs editing `AGENTS.md`, which effectively acts as global agent steering. That contradiction is dangerous because it enables persistent behavior changes outside the advertised scope, increasing the risk of unauthorized routing manipulation, unexpected auto-loading of the skill, and erosion of user control over future agent behavior.

Vague Triggers

Medium
Confidence: 85%
Finding
The activation signals are broad enough to match ordinary help-seeking language such as "How do I do X?" and "Can you do this better?", which can cause the skill to trigger in many unrelated conversations. Because this skill can lead the agent into searching external registries and proposing installations, overbroad invocation increases the chance of unnecessary external queries and risky tool-selection behavior without a tightly scoped user request.

Vague Triggers

Medium
Confidence: 88%
Finding
The description defines expansive invocation conditions like "when the user needs new capabilities" or "better workflows," which are subjective and apply to a very large set of normal interactions. In context, this broad scope is more dangerous because the skill is designed to search and install third-party skills, so ambiguous activation can steer the agent toward external supply-chain decisions when a direct answer would be safer.

Vague Triggers

High
Confidence: 95%
Finding
The trigger rules are broad enough to activate the skill on common phrases like 'How do I do X?' or 'Can you do this?', which can cause the agent to search for and recommend external skills even when the user did not ask to install or evaluate third-party code. In a skill-discovery skill, this increases the chance of unnecessary exposure to untrusted registries and can steer routine conversations into risky supply-chain actions.

VirusTotal

62/62 vendors flagged this skill as clean.
