Skill Feed

Security checks across malware telemetry and agentic risk

Overview

Skill Feed is an instruction-only helper that recommends ClawHub skills using sanitized search terms and does not install code, request credentials, or modify files.

Install if you want the agent to suggest ClawHub skills when workflows fail or are unclear. Review generated search terms when the context is sensitive, and evaluate any recommended downstream skill separately before installing or granting permissions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 92%
Finding
The query templates are intentionally generic, but several phrases are broad enough to match common user goals without adequate scope constraints. In a recommendation engine, this can cause the system to retrieve irrelevant or overly powerful automation skills, increasing the chance of unsafe or mismatched recommendations when users describe ambiguous failures or blocked workflows.

VirusTotal

66/66 vendors flagged this skill as clean.
