work-estimation-en

Security checks across malware telemetry and agentic risk

Overview

This appears to be a normal project-estimation skill that creates local Excel reports, with some scoping and test-script cautions but no evidence of exfiltration or unsafe automation.

Install only if you are comfortable letting the agent process requirement text or requirement documents you choose and create local Excel files. Review output locations before generating reports, and do not run the bundled test script unless you trust the referenced local path or update it to import the packaged generator directly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers (Medium, 93% confidence)

Finding: The trigger description includes broad wording such as 'or similar terms,' which can cause the skill to activate on loosely related requests. In an agent environment, unintended invocation can expose user content to this skill unexpectedly and cause confusing or unauthorized processing of documents or requirements text.

Vague Triggers (Medium, 82% confidence)

Finding: The example phrase 'Help me estimate this project' is common language and may overlap with ordinary conversation outside the intended specialized workflow. This increases the chance of accidental routing to the skill, though the impact is lower because the phrase still loosely aligns with estimation intent.

Missing User Warnings (Low, 89% confidence)

Finding: The skill accepts a 'requirements document path' and lists supported file formats, but it does not warn users or the runtime about local file access implications. In agent systems, allowing path-based input without clear constraints can lead to unintended reading of sensitive local files if invocation or path handling is too permissive.

Missing User Warnings (Low, 93% confidence)

Finding: The script prepends a user-specific roaming directory to sys.path and then imports executable Python code from there. This creates a module hijacking risk: if that directory or the target file is modified by another local process, untrusted code could be imported and run automatically, which is more concerning in an agent skill context because skills may execute with broad user access and little visibility.

VirusTotal

64/64 vendors flagged this skill as clean.