ClawHub

Tools

Security checks across malware telemetry and agentic risk

Overview

This is a small instruction-only skill for remembering tool preferences, with broad wording but no hidden code, credentials, or automatic actions.

Safe to install as a preference helper. Keep its saved Stack, Preferences, Open To, and Avoid sections accurate, and do not store tokens, passwords, private customer data, or sensitive project details there. Ask for confirmation before letting unfamiliar tools install software, use paid services, post publicly, or change important data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The skill description is broad enough to match many unrelated tasks, which can cause the skill to activate outside a clearly bounded context. Overbroad activation increases the chance that its instructions about tool usage influence ordinary requests where narrower, task-specific guidance would be safer.

Vague Triggers

Medium
Confidence
94% confidence
Finding
Phrases like "You can use ANY tool" and "Learn new ones instantly" create an effectively unbounded scope for the skill. This weakens safety guardrails by encouraging application to arbitrary tools and situations without clear eligibility checks, making accidental misuse or overreach more likely.

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
## Adaptive Tool Intelligence

You can use ANY tool. Learn new ones instantly. This skill tracks user preferences, not your limits.

**Rules:**
- Default to user's known tools when they exist
Confidence
91% confidence
Finding
use ANY tool

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal