HolBot Plan

Security checks across malware telemetry and agentic risk

Overview

This is a planning helper with some caveats around broad trigger routing and its hardcoded save location, but its behavior is disclosed, purpose-aligned, and not malicious.

Install it if you want an agent to help structure plans and review relevant project context. Before using export, ask it to save under your current workspace or another explicit path, and use explicit commands such as /plan or 'deepen the plan' when you want the workflow to run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding
The skill's own quality bar says to use repo-relative paths and avoid absolute paths, but the workflow instructs saving plans to a fixed absolute path under /home/HolBot/plans. A hardcoded absolute path can cause data to be written outside the intended workspace boundary, breaks portability across environments, and normalizes unsafe file-write behavior in an agent context.
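The practical safeguard for this finding is to anchor every save location to the workspace and refuse anything that escapes it, plus a quick scan of the skill text for the hardcoded absolute paths the scanner objects to. The following is an added example written for this page, not code from the HolBot skill or from SkillSpector; the workspace path, the sample workflow text, and the function names are constructed for illustration.

```python
import posixpath
import re

# Constructed excerpt standing in for the skill's workflow text; not the real manifest.
SAMPLE_WORKFLOW = (
    "Save the finished plan to /home/HolBot/plans/<name>.md, then run /plan again "
    "if the user asks to deepen it. Reference docs: https://example.com/docs/planning"
)

# An absolute path is a leading "/" not preceded by a word character, ".", ":" or "/"
# (so URLs, relative paths like docs/plans and the bare "/plan" command do not match),
# followed by at least two path segments.
_ABS_PATH = re.compile(r"(?<![\w.:/])/[A-Za-z0-9_.-]+(?:/[A-Za-z0-9_.-]+)+")


def find_absolute_paths(text: str) -> list[str]:
    """Return hardcoded absolute paths found in skill or workflow text."""
    return _ABS_PATH.findall(text)


class WorkspaceEscape(ValueError):
    """Raised when a requested save location would land outside the workspace."""


def resolve_save_path(requested: str, workspace: str) -> str:
    """Map a requested save path onto the workspace, refusing anything outside it.

    Relative paths are joined to the workspace; absolute paths are accepted only if
    they already lie inside it. The check is lexical (".." is collapsed by normpath),
    so a symlink inside the workspace pointing elsewhere must be handled separately
    by resolving the path after the directory exists.
    """
    ws = posixpath.normpath(workspace)
    if not posixpath.isabs(ws):
        raise ValueError("workspace must be an absolute path")
    candidate = requested if posixpath.isabs(requested) else posixpath.join(ws, requested)
    candidate = posixpath.normpath(candidate)
    # commonpath defeats prefix confusion: /srv/repo2 is not inside /srv/repo.
    if posixpath.commonpath([ws, candidate]) != ws:
        raise WorkspaceEscape(f"{requested!r} resolves to {candidate}, outside {ws}")
    return candidate


def is_inside_workspace(requested: str, workspace: str) -> bool:
    """Boolean form of resolve_save_path for callers that only need a yes/no answer."""
    try:
        resolve_save_path(requested, workspace)
        return True
    except WorkspaceEscape:
        return False


if __name__ == "__main__":
    print("absolute paths in workflow text:", find_absolute_paths(SAMPLE_WORKFLOW))
    ws = "/srv/work/repo"  # constructed workspace root
    for req in ("plans/release.md", "/home/HolBot/plans/release.md", "../../etc/passwd"):
        print(f"{req!r:>35} -> {'ok' if is_inside_workspace(req, ws) else 'REJECTED'}")
```

With the constructed workflow text the scanner-style regex reports only /home/HolBot/plans; the URL and the /plan command are ignored. The relative request lands under the workspace, while the hardcoded absolute path and the traversal attempt are both rejected.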

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding
The referenced file documents a `/brainstorm` skill while the manifest metadata is for a `plan` skill. This mismatch can cause the agent to invoke the wrong workflow, apply the wrong decision criteria, or route users into ideation when they requested structured planning, which is a security-relevant integrity issue because behavior no longer matches declared capability.

Vague Triggers

Severity: Medium
Confidence: 81%
Finding
The metadata description includes broad trigger phrases like 'create a plan' and 'break this down' without tight scoping. In agent routing systems, overly broad matching can invoke the skill unexpectedly, causing unintended workspace inspection, web research, or planning behavior in contexts where the user did not clearly request this skill.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The trigger list contains ambiguous natural-language phrases in both English and German, but it does not define scope boundaries or disambiguation rules. This increases the chance of accidental activation and can make the agent perform planning steps, context gathering, or file inspection beyond what the user intended.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The trigger phrases include very broad natural-language inputs such as "mehr Details" ("more details") and "detaillierter Plan" ("more detailed plan"), which overlap with ordinary conversation and can activate the planning skill when the user did not intend to invoke a deepening workflow. In an agent system, unintended routing can expose more context than necessary to sub-agents or cause unexpected multi-step behavior, so this is a real prompt-routing weakness even though the workflow itself is not overtly malicious.
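The three Vague Triggers findings above all come down to the same routing problem: bare phrases such as "mehr Details" are matched without scope boundaries, so an incidental mention runs the workflow. The added example below, written for this page and not taken from the HolBot skill or from SkillSpector, shows one way to scope routing: explicit slash commands invoke the skill directly, natural-language phrases only match as whole words and only yield a confirmation prompt, and a small linter flags trigger phrases that are too short or too conversational to route on. The trigger list, the conversational stop-list, and the sample messages are constructed for illustration.

```python
import re
import unicodedata

# Constructed trigger list modelled on the findings: explicit commands plus broad
# English and German phrases. Not the skill's real manifest.
EXPLICIT_COMMANDS = ("/plan", "/deepen")
PHRASE_TRIGGERS = (
    "create a plan",
    "break this down",
    "deepen the plan",
    "detaillierter Plan",
    "mehr Details",
)

# Phrases that also occur in ordinary conversation (constructed list).
CONVERSATIONAL = {"mehr details", "more details", "break this down"}


def normalize(text: str) -> str:
    """Fold case and NFKC-normalize so lookalike or full-width characters cannot spoof a trigger."""
    return unicodedata.normalize("NFKC", text).casefold().strip()


def lint_triggers(triggers) -> list[tuple[str, str]]:
    """Return (trigger, reason) for phrases too short or too generic to route on automatically."""
    problems = []
    for trigger in triggers:
        words = normalize(trigger).split()
        if len(words) < 3:
            problems.append((trigger, f"only {len(words)} word(s); will match incidental mentions"))
        elif normalize(trigger) in CONVERSATIONAL:
            problems.append((trigger, "overlaps ordinary conversation; route only with confirmation"))
    return problems


def route(message: str) -> tuple[str, str]:
    """Decide whether the planning workflow should run for a user message.

    'invoke'  : the message starts with an explicit command; run without prompting.
    'confirm' : a whole-phrase natural-language trigger matched; ask the user first.
    'ignore'  : no trigger, or only a partial match inside another word.
    """
    msg = normalize(message)
    first = msg.split(maxsplit=1)[0] if msg else ""
    if first in EXPLICIT_COMMANDS:
        return "invoke", f"explicit command {first}"
    for phrase in PHRASE_TRIGGERS:
        # Word-boundary match: "create a planner" must not match "create a plan".
        pattern = r"(?<!\w)" + re.escape(normalize(phrase)) + r"(?!\w)"
        if re.search(pattern, msg):
            return "confirm", f"matched broad phrase '{phrase}'"
    return "ignore", "no trigger matched"


if __name__ == "__main__":
    for trigger, reason in lint_triggers(PHRASE_TRIGGERS):
        print(f"lint: {trigger!r}: {reason}")
    # Constructed messages: one explicit command, one genuine request, one incidental
    # German mention about an error message, and one near-miss.
    for text in (
        "/plan release v2",
        "Can you create a plan for the DB migration?",
        "Mehr Details zur Fehlermeldung bitte",
        "I need a better planner app",
    ):
        print(f"{text!r:>45} -> {route(text)}")
```

The German request for more details about an error message still matches "mehr Details", which is the point: under this policy it produces a confirmation prompt rather than silently launching workspace inspection, while only the explicit /plan command runs the workflow unprompted.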

VirusTotal

64 of 64 vendors reported this skill as clean.
