ClawHub

Council

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed multi-perspective feedback tool, with the main caveat that user-submitted content is passed to a spawned model sub-agent.

This looks safe to install for its stated purpose. Use it only with ideas or documents you are comfortable sending through your model session, and review any custom .md files added to the agents folder because those files become instructions for future council runs. For best control, invoke it explicitly rather than relying on casual phrasing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The README advertises trigger phrases like "send this to the council" and "council of the wise," which are natural-language phrases a user or another agent could easily include in normal conversation. In an agentic environment, broad triggers increase the chance of accidental or prompt-injected invocation of the skill, causing unintended spawning of sub-agents and disclosure of user content to additional personas.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrases are broad natural-language examples for invoking the skill, and they can plausibly match ordinary requests for feedback rather than an explicit request to use this skill. In an agentic environment, ambiguous activation can cause unintended delegation, exposing user content to additional sub-agents and causing unexpected behavior or cost.

Vague Triggers

Low
Confidence
83% confidence
Finding
Auto-discovering and including any .md file from the agents folder without clear scope constraints increases the attack surface, because newly added personas are implicitly trusted and executed as part of the council workflow. If that folder can be modified by packages, users, or other skills, a malicious or unsafe persona could be pulled into prompts automatically.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger section provides positive examples but only limited guidance on when not to invoke, so the activation boundary remains underspecified. This can lead to accidental skill execution on loosely related user requests, especially because the skill spawns sub-agents and performs broader analysis than a normal reply.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal