ClawHub

PRD GENERATOR - Interactive Demo & iWiki Publish

Security checks across malware telemetry and agentic risk

Overview

This PRD skill is coherent and purpose-aligned, but publishing will upload local PRD content and images to iWiki using the user’s token.

Install this only if you want workspace PRDs and screenshots generated and optionally published to iWiki. Before publishing, review the PRD and images for confidential content, use a least-privilege iWiki PAT, avoid --cover unless you mean to overwrite, and only run optional workspace helper scripts in repositories you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp1

High
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The script is explicitly an MCP client but the declared permissions do not mention MCP capability. That creates a transparency and governance gap: the skill can enumerate and invoke remote tools whose effective privileges may exceed what a reviewer expects from generic network access alone.

Lp1

High
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The script is explicitly an MCP client but the declared permissions do not mention MCP capability. That creates a transparency and governance gap: the skill can enumerate and invoke remote tools whose effective privileges may exceed what a reviewer expects from generic network access alone.

Lp1

High
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The script is explicitly an MCP client but the declared permissions do not mention MCP capability. That creates a transparency and governance gap: the skill can enumerate and invoke remote tools whose effective privileges may exceed what a reviewer expects from generic network access alone.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The skill instructs execution of helper scripts located in the workspace, such as preview and screenshot tooling that are explicitly outside the packaged skill. Trusting arbitrary workspace-resident scripts expands execution to attacker-controlled content if the workspace is malicious or compromised, which can lead to arbitrary code execution under the agent's permissions.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README advertises one-click publishing to iWiki and automatic upload/packaging behavior without clearly warning users that local PRD content, images, and possibly sensitive project information will be transmitted to an external service. In a skill with network and filesystem permissions, this omission increases the risk of unintended data exfiltration because users may trigger publishing without understanding what leaves the local environment.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The publish trigger is very broad, matching common words like '发布' and '上传'. In a skill with network and filesystem permissions plus iWiki write capability, such broad matching raises the chance of accidental activation and unintended publication to external systems.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The guide instructs users to create an iWiki API token and persist it in a shell startup file, but it does not warn that this token is a sensitive credential or describe safe handling practices. Persisting long-lived tokens in ~/.bashrc increases the chance of accidental disclosure through shell dumps, dotfile syncing, backups, shared accounts, or local compromise.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal