AI Skill Optimizer (EN)

Security checks across malware telemetry and agentic risk

Overview

The skill is an optimizer for other skills, but it also tells agents to modify, roll back, package, and publish skill artifacts without clear user approval gates.

Install only if you intend to let an agent inspect and change other skill artifacts. Use it in an isolated workspace, name one target skill explicitly, review diffs before any write, and treat rollback and ClawHub publish steps as manual actions requiring separate confirmation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium (93% confidence)
The skill includes package publishing commands (`clawhub package` / `clawhub publish`) that perform an external release action beyond analysis or optimization. That materially expands the blast radius: if invoked on modified content, it could publish unintended, unsafe, or attacker-influenced skill changes without an explicit human approval gate.

Context-Inappropriate Capability

Medium (90% confidence)
The documented automatic rollback uses direct `git checkout` to overwrite `SKILL.md`, `scripts/`, and `references/`, which is a repository state modification capability beyond passive analysis. Even if intended for safety, automatic destructive file restoration can discard legitimate work or be abused to revert content without clear authorization or operator awareness.

Missing User Warnings

Medium (95% confidence)
The skill describes publishing a package externally without an explicit user-facing warning or consent checkpoint. In an agentic environment, omission of a strong approval gate for external publication is dangerous because it can turn a content-editing workflow into an unauthorized deployment path.

Missing User Warnings

Medium (92% confidence)
The skill describes automatic rollback that overwrites repository files without an explicit warning or approval step. Silent destructive actions are dangerous in agent workflows because they can erase local changes, mask auditability, and change repository state in ways the user did not knowingly authorize.

VirusTotal

65/65 vendors flagged this skill as clean.