Self-Improving Supply Chain

Security checks across malware telemetry and agentic risk

Overview

This skill is a local supply-chain note-taking and reminder tool. Its optional hooks are broader than necessary, but they are disclosed, and they do not store or transmit data to, purchase from, or modify external systems.

Install this if you want local supply-chain learning logs and reminders. Use project-level hooks with supply-chain-specific matchers, avoid the user-level global hook unless you want reminders in all sessions, and enable Bash output detection only where command output will not include sensitive data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The document claims the skill is "documentation-only," but later provides automatic hook configurations that execute shell scripts on prompt submission and tool use. That inconsistency can lead users to enable active code execution they would not have approved had the behavior been disclosed accurately.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
Automatic PostToolUse inspection of Bash output gives the skill a passive monitoring capability that exceeds simple note-taking and may expose unrelated command output to pattern matching and follow-on behavior. Even if intended for convenience, this broad observation point can capture sensitive operational data and normalize surveillance-like behavior in a low-risk documentation skill.

Vague Triggers

Medium
Confidence
95% confidence
Finding
Using an empty matcher on UserPromptSubmit causes the hook to run for every prompt, regardless of relevance to supply-chain tasks. This creates unnecessary omnipresent execution, increases exposure to prompt-content inspection, and broadens the blast radius if the script is modified or compromised.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The advanced hook setup again uses an empty matcher, but here it combines broad activation with tool-output-triggered execution, making the monitoring surface even wider. This can cause unrelated prompts and commands to invoke the skill automatically, exposing sensitive context and creating hard-to-audit background behavior.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The empty matcher causes the UserPromptSubmit hook to run for every prompt, not just supply-chain-related interactions. Because the hook executes a local script on every submission, this broad trigger scope increases the chance of unnecessary context injection, prompt pollution, and accidental processing of unrelated or sensitive workflows.

Vague Triggers

High
Confidence
95% confidence
Finding
Recommending user-level global activation with an empty matcher makes the hook fire across all repositories and sessions, far beyond the stated supply-chain context. Since hook scripts run with the agent's permissions, this creates a persistent cross-project execution surface and increases the risk of unrelated prompt interception, context contamination, and misuse if the script is modified or replaced.

Session Persistence

Medium
Category
Rogue Agent
Content
### Option 1: Project-Level Configuration

Create `.claude/settings.json` in your project root:

```json
{
  "hooks": {
    "UserPromptSubmit": [
      {
        "matcher": "",
        "hooks": [
          {
            "type": "command",
```

The quoted snippet ends at this point in the report; the command value is not shown.

Confidence
82% confidence
Finding
The quoted configuration registers a command hook on UserPromptSubmit with an empty matcher, so the skill's script runs on every prompt for as long as the project's settings file is in place.
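The findings above all turn on three properties of a hooks file: the event the hook is bound to, whether its matcher narrows it, and whether it lives in the project or at user level. The following auditor applies those rules to a Claude Code style `settings.json`. It is an added example written for this page, not code from the skill or from SkillSpector, and its sample configurations are constructed: the weak one is the quoted project-level config written out in full (the script paths are assumptions, since the report's snippet stops before the command value), and the scoped one is the layout the overview recommends, a single PostToolUse hook matched to `Bash`.

```python
import json
import re

# Hook events whose matcher selects which tool triggers them (a regex on the
# tool name, e.g. "Bash"). An empty matcher matches every tool.
TOOL_EVENTS = {"PreToolUse", "PostToolUse"}

# Constructed sample, not the skill's own file: the quoted project-level config
# written out in full. The script paths are assumptions.
WEAK_SETTINGS = json.dumps({
    "hooks": {
        "UserPromptSubmit": [
            {"matcher": "", "hooks": [
                {"type": "command", "command": "./hooks/supply-chain-reminder.sh"}]}
        ],
        "PostToolUse": [
            {"matcher": "", "hooks": [
                {"type": "command", "command": "./hooks/scan-tool-output.sh"}]}
        ],
    }
})

# Constructed sample: the same skill scoped the way the overview recommends,
# with only a Bash-matched PostToolUse hook and no UserPromptSubmit hook.
SCOPED_SETTINGS = json.dumps({
    "hooks": {
        "PostToolUse": [
            {"matcher": "Bash", "hooks": [
                {"type": "command", "command": "./hooks/scan-tool-output.sh"}]}
        ]
    }
})


def audit_hooks(settings_json: str, scope: str = "project") -> list[dict]:
    """Return one finding per hook that widens where the skill's scripts run.

    scope is "project" (.claude/settings.json inside one repository) or
    "user" (the user-level settings file, which applies to every repository
    and session). Hook scripts run with the agent's permissions either way.
    """
    cfg = json.loads(settings_json)
    findings = []

    def add(event, matcher, cmd, severity, issue):
        findings.append({"event": event, "matcher": matcher, "command": cmd,
                         "severity": severity, "issue": issue})

    for event, entries in cfg.get("hooks", {}).items():
        for entry in entries:
            matcher = entry.get("matcher", "")
            for hook in entry.get("hooks", []):
                cmd = hook.get("command", "<non-command hook>")
                broad = "high" if scope == "user" else "medium"
                # Rule 1: UserPromptSubmit has no tool to match on, so the hook
                # runs for every prompt and sees its content.
                if event == "UserPromptSubmit":
                    add(event, matcher, cmd, broad,
                        "runs a local script on every prompt, not just supply-chain ones")
                # Rule 2: an empty or catch-all matcher on a tool event fires on
                # every tool call, so unrelated command output reaches the script.
                elif event in TOOL_EVENTS and matcher in ("", "*", ".*"):
                    add(event, matcher, cmd, broad,
                        f"empty matcher: fires on every {event} event")
                # Rule 3: a Bash-matched PostToolUse hook receives command output;
                # acceptable only where that output will not contain secrets.
                elif event == "PostToolUse" and re.fullmatch(matcher, "Bash"):
                    add(event, matcher, cmd, "info",
                        "receives Bash output; enable only where output is not sensitive")
                # Rule 4: anything installed at user level persists across projects.
                if scope == "user":
                    add(event, matcher, cmd, "high",
                        "user-level settings: persists across all projects and sessions")
    return findings


def worst_severity(findings: list[dict]) -> str:
    order = {"none": 0, "info": 1, "medium": 2, "high": 3}
    return max((f["severity"] for f in findings), key=order.__getitem__, default="none")


if __name__ == "__main__":
    for name, cfg in (("weak/project", WEAK_SETTINGS), ("weak/user", WEAK_SETTINGS),
                      ("scoped/project", SCOPED_SETTINGS)):
        scope = name.split("/")[1]
        for f in audit_hooks(cfg, scope):
            print(f"[{f['severity']:6}] {name}: {f['event']} matcher={f['matcher']!r}: {f['issue']}")
```

Run against the quoted config at project scope it reports two Medium findings (one per hook), and at user scope every hook is raised to High, which is the same grading the report applies to the global activation advice. The scoped config yields only the informational note about Bash output, which is the residual decision the overview leaves to the installer.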

VirusTotal

65/65 vendors reported no detections for this skill.
