AI Company Framework

Security checks across malware telemetry and agentic risk

Overview

This skill appears to provide workflow-execution guidance with file-write and network-capable behavior, but its stated scope and user-facing disclosures do not adequately cover those side effects.

Review before installing. Only use it in a workspace where you are comfortable with scoped file changes and external API calls, and require explicit confirmation before it updates shared state, archives records, writes files, or contacts network services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding:
The prompt authorizes a generic AI chat to perform broad operational actions such as verifying dependencies, confirming permissions, loading configuration, updating shared state, and archiving records without defining concrete scope, safeguards, or least-privilege boundaries. In a real agent context, this kind of open-ended workflow prompt can encourage overbroad tool use, unsafe assumptions about authority, and unintended execution of sensitive actions.

Intent-Code Divergence

Severity: Medium
Confidence: 84%
Finding:
The file claims the prompt is 'Not intended for automated agent invocation' while the body is written as an autonomous execution prompt for 'any AI chat window' and instructs end-to-end workflow execution. That mismatch is dangerous because users or downstream systems may treat the disclaimer as a safety boundary even though the actual content is agentic and could still be pasted into systems with tools, memory, or side-effecting integrations.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The skill declares both file write and network API capabilities, yet the user-facing description does not clearly warn that it may modify local files or contact external services. In an agent ecosystem, this increases the risk of users or orchestrators invoking a seemingly administrative/framework skill without understanding that it has side-effecting and data-moving privileges.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding:
The trigger keywords are extremely broad terms like 'Standard', 'Module', 'Pattern', and 'Register', which are common in ordinary technical conversation. In an agent ecosystem, this can cause unintended skill activation, misrouting, or invocation in contexts the user did not intend, increasing the chance of unsafe automation chains or policy bypass through prompt ambiguity.
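The three manifest-level findings above (undisclosed file-write and network capabilities, generic single-word triggers, and a "not for agents" disclaimer on top of an agentic body) can all be caught with a small pre-install consistency check. The following is an added example written for this page; it is not SkillSpector's scanner or the skill's own code. The manifest layout (name, description, triggers, capabilities, body), the disclosure word lists, and the set of generic trigger words are assumptions chosen to illustrate the checks, and the sample manifest is constructed to mirror this report's findings.

```python
"""Pre-install consistency checks for an agent skill manifest.

Added example for this page, not SkillSpector's or the skill's own code.
The manifest field names and the heuristic word lists below are
assumptions; adapt them to the registry format you actually use.
"""
import re
from dataclasses import dataclass


# Side-effecting capabilities and words a user-facing description should
# contain to disclose them (assumed heuristic list; matched as word prefixes).
DISCLOSURE_WORDS = {
    "file_write": ("write", "modif", "create", "archive", "file"),
    "network": ("network", "api", "http", "external", "remote", "fetch"),
}

# Single words common in ordinary technical conversation; a trigger that is
# just one of these will fire far more often than intended (assumed list,
# seeded from the broad triggers this report calls out).
GENERIC_TRIGGERS = {
    "standard", "module", "pattern", "register", "config",
    "setup", "update", "load", "check", "framework",
}

# Imperative verb followed (within 40 chars) by an operational noun marks a
# sentence as an execution instruction rather than guidance.
AGENTIC_PHRASES = re.compile(
    r"\b(execute|run|perform|update|archive|write|verify|confirm)\b"
    r".{0,40}\b(workflow|state|records?|files?|dependencies|permissions)\b",
    re.IGNORECASE,
)
DISCLAIMER = re.compile(r"not intended for automated agent", re.IGNORECASE)


@dataclass
class Manifest:          # assumed layout
    name: str
    description: str
    triggers: list
    capabilities: list
    body: str


@dataclass
class Finding:
    check: str
    detail: str


def undisclosed_capabilities(m: Manifest) -> list:
    """Capabilities declared in the manifest but never hinted at in the description."""
    desc = m.description.lower()
    return [
        cap for cap in m.capabilities
        if cap in DISCLOSURE_WORDS
        and not any(re.search(r"\b" + w, desc) for w in DISCLOSURE_WORDS[cap])
    ]


def broad_triggers(m: Manifest) -> list:
    """Triggers that are a single generic word; multi-word triggers are accepted."""
    return [t for t in m.triggers
            if len(t.split()) == 1 and t.lower() in GENERIC_TRIGGERS]


def intent_divergence(m: Manifest) -> bool:
    """True when the body disclaims agent use yet reads as an execution prompt."""
    return bool(DISCLAIMER.search(m.body)) and len(AGENTIC_PHRASES.findall(m.body)) >= 2


def review(m: Manifest) -> list:
    """Run all three checks and return the findings, empty if the manifest is consistent."""
    findings = []
    for cap in undisclosed_capabilities(m):
        findings.append(Finding("missing_user_warning",
                                f"{cap} declared but not disclosed in description"))
    for t in broad_triggers(m):
        findings.append(Finding("vague_trigger", f"trigger {t!r} is a generic term"))
    if intent_divergence(m):
        findings.append(Finding("intent_code_divergence",
                                "body is an execution prompt despite the disclaimer"))
    return findings


# Constructed sample manifest mirroring the findings of this report.
SAMPLE = Manifest(
    name="AI Company Framework",
    description="Operational framework for running company workflows.",
    triggers=["Standard", "Module", "Pattern", "Register", "company onboarding checklist"],
    capabilities=["file_write", "network"],
    body=("Not intended for automated agent invocation. Paste into any AI chat window. "
          "Verify dependencies, confirm permissions, load configuration, "
          "update shared state, then archive records."),
)

if __name__ == "__main__":
    for f in review(SAMPLE):
        print(f"{f.check}: {f.detail}")
```

Run against the constructed sample, `review` reports both capabilities as undisclosed, the four generic triggers, and the intent divergence; a manifest whose description says it writes files and calls an external API, with a multi-word trigger and no disclaimer, passes clean. The word lists are deliberately conservative heuristics: a miss here is a prompt to read the skill body yourself, not a verdict.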

VirusTotal

65/65 vendors returned a clean verdict for this skill. Note that VirusTotal checks the skill file against known malware signatures; it does not evaluate the prompt-level risks described in the findings above, so a clean result here does not address them.