Universal Skills Manager

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it can persistently change multiple AI agents' skill directories and can package an API key into a shareable ZIP, so it needs careful review before use.

Install only if you are comfortable letting this skill manage skill files that other AI agents will load later. Prefer project-level installs, inspect downloaded skills and remote install scripts first, avoid --force and --skip-scan unless necessary, and do not embed a SkillsMP API key in a ZIP unless the archive will stay private and you can rotate the key if exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    print("\nRunning security scan...")

    try:
        result = subprocess.run(
            [sys.executable, str(scanner), str(skill_dir)],
            capture_output=True,
            text=True,
Confidence
84% confidence
Finding
result = subprocess.run([sys.executable, str(scanner), str(skill_dir)], capture_output=True, text=True, timeout=30)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill explicitly instructs embedding a live SkillsMP API key into a ZIP file for later upload and distribution. Packaging plaintext credentials into a persistent artifact materially increases exposure risk through accidental sharing, uploads, backups, version control, or compromise of the destination platform.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The packaging flow introduces API-key embedding before prominently foregrounding the credential exposure risk. Presenting insecure secret persistence as a normal packaging option can lead users to create and share sensitive ZIP archives without appreciating the consequences.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The scanner prints a JSON report to stdout that includes `matched_text` excerpts taken directly from scanned files. If this tool is run in CI, logs, terminals, or other shared environments, sensitive data such as secrets, credential paths, or private prompts found during scanning may be exposed to unintended viewers.

VirusTotal

64/64 vendors flagged this skill as clean.
