skill-trust-auditor

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed security-auditing skill whose shell, network, dependency, and optional LLM behavior match its stated purpose.

Install only if you are comfortable running a Python-based auditor that fetches target skill files and installs dependencies. Use --llm only for skill content you are willing to send to Anthropic, and treat the trust score as an advisory screening aid rather than proof that another skill is safe.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 88%
Finding: The skill advertises and instructs use of shell commands, network-capable tooling, and scripts that likely inspect other skills, but it does not declare corresponding permissions. That mismatch undermines informed consent and security review because users and platforms cannot accurately assess what capabilities the skill will exercise before installation.

Vague Triggers

Severity: Medium
Confidence: 80%
Finding: The trigger language is broad: phrases like "audit [skill-name]" or running before any `clawhub install` can cause the skill to activate in many contexts, potentially interposing on unrelated workflows. In a security-sensitive skill that executes shell scripts against user-supplied names or URLs, ambiguous invocation increases the chance of accidental execution, unexpected network access, or unsafe handling of untrusted input.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: When --llm is enabled, the tool sends flagged context lines and a sanitized SKILL.md excerpt to an external Anthropic API, but the runtime message does not clearly disclose that third-party transmission will occur. This can expose proprietary or sensitive skill content to an external service even if the content is only partially sanitized.

VirusTotal

66/66 vendors flagged this skill as clean.