Back to skill

Security audit

Find Skills - 查找技能

Security checks across malware telemetry and agentic risk

Overview

This skill is a documented ClawHub search helper with an explicit dry-run-by-default install option, so it is acceptable but not risk-free.

Use normal search terms where possible, avoid passing sensitive files or stdin as search input, and only run `install --execute` after reviewing and trusting the target skill because that separate skill may add new code and behavior to your agent environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

High
Confidence
88% confidence
Finding
The manifest omits inspect, stats, and verify features that the code exposes. While these are less dangerous than installation, undocumented capabilities undermine least surprise and can cause agents or users to invoke network access or local filesystem inspection without understanding the tool's full behavior.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The manifest omits inspect, stats, and verify features that the code exposes. While these are less dangerous than installation, undocumented capabilities undermine least surprise and can cause agents or users to invoke network access or local filesystem inspection without understanding the tool's full behavior.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
This is a discovery-oriented skill that also performs package installation through clawhub install when --execute is supplied. In an agent setting, blending discovery and installation raises the risk of confused-deputy behavior, where a user asking to find skills could be steered into installing third-party code that may later execute with local permissions.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger text includes the broad phrase `或类似技能发现问题时`, which can match many loosely related user intents and cause the skill to be invoked unexpectedly. Because this skill can access local installed-skill data, shell out to `clawhub`, and optionally install packages, over-broad triggering increases the chance of unnecessary data exposure or unintended side effects.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.