AI Company HQ

Security checks across malware telemetry and agentic risk

Overview

This is a coherent HQ coordination skill, but it asks for broad cross-agent, state, logging, and knowledge-capture authority without enough user-scoped limits.

Install only if you intentionally want a powerful central coordination hub. Restrict file paths, API destinations, MCP recipients, and subagent use; require confirmation for broadcasts, shared-state changes, and KB publication; and define privacy, redaction, retention, and deletion rules before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger phrases are very broad and generic, making it likely the skill will activate for ordinary requests unrelated to explicit user intent. In a skill with coordination, write, network, and subagent capabilities, over-broad activation increases the chance of unintended orchestration, data handling, or external communication.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill declares file write, network API, and MCP session/subagent capabilities but provides no user-facing warning about modifying data, transmitting context, or creating audit artifacts. This is dangerous because users may invoke the skill without understanding that their data could be persisted, synchronized, or sent across agents and external services.

Missing User Warnings

Medium
Confidence: 93%
Finding
The prompt instructs a user to run a workflow that logs execution metrics, updates shared state, and archives records, but it does not warn that these actions may modify persistent system state or expose organizational data. In a copy-paste prompt intended for any AI chat window, this omission is risky because users may unknowingly authorize actions with audit, coordination, or data-retention consequences in an uncontrolled environment.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger list is broad enough to match ordinary coordination or reference-related prompts, which can cause unintended invocation of a high-privilege HQ skill. Because this skill is positioned as a central infrastructure authority with access to routing, shared state, knowledge base, and audit functions, accidental activation expands the chance of over-collection, overreach, or inappropriate handling of sensitive workflows.

Missing User Warnings

High
Confidence: 96%
Finding
The knowledge extraction pipeline explicitly says to monitor agent conversations and outputs, identify new knowledge, and publish extracted content, but it provides no consent, minimization, or privacy-boundary controls. In a centralized HQ skill with broad authority and permanent archival behavior, this creates a serious risk of collecting sensitive, proprietary, or personal data and redistributing it into the knowledge base without user awareness.

Ssd 3

Medium
Confidence: 93%
Finding
This instruction operationalizes surveillance-like behavior by directing the system to scan agent conversations and outputs for extraction into a persistent knowledge base. In context, the HQ skill is a cross-agent coordination hub with audit and state access, so this capability is more dangerous than in a narrow documentation tool because it can aggregate sensitive cross-workflow data and preserve it indefinitely.

VirusTotal

65/65 vendors flagged this skill as clean.
