Thumbnail QA

Security checks across malware telemetry and agentic risk

Overview

The skill appears aimed at thumbnail QA, but its documented workflow can automatically edit repositories and create commits from broad triggers without clear confirmation safeguards.

Review before installing. This does not look malicious from the supplied evidence, and VirusTotal is clean, but only use it if you are comfortable with an agent that may start local tooling, inspect your app visually, edit code/CSS, write evidence files, and create git commits. Prefer running it in a clean branch and require an explicit preview or confirmation before applying fixes or committing changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence: 90%
Finding
The changelog explicitly states that the skill will automatically fix code and create atomic commits, but it does not mention any explicit user confirmation, dry-run behavior, or safeguard before modifying the repository. In an agentic workflow, automatic write and commit actions can surprise users, alter source history, and make unintended changes at scale, especially when triggered proactively after image uploads.

Vague Triggers

Medium
Confidence: 92%
Finding
The invocation examples are broad enough to match ordinary user requests like 'Check my thumbnails' or 'Fix image cropping,' which can cause the skill to activate unexpectedly. In this skill, unexpected activation is more dangerous because the README also states it may start a dev server, browse pages, modify code, generate evidence artifacts, and create atomic commits, so a casual request could trigger repository-changing behavior without a clearly scoped confirmation step.

Missing User Warnings

Medium
Confidence: 96%
Finding
The README advertises automatic fixes and atomic commits but does not prominently warn that running the skill can alter repository contents and create commits. This is risky because users may invoke it expecting analysis only, while the skill performs persistent changes, potentially causing unintended code modifications, noisy commit history, or changes committed from an unreviewed automated workflow.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger guidance is overly broad because it encourages proactive activation 'after uploading new images' rather than only on an explicit user request. In this skill, activation leads to repository inspection, possible dev-server startup, file edits, and git commits, so a vague trigger can cause unexpected code modification and shell execution in situations where the user only intended to add assets.

Missing User Warnings

Medium
Confidence: 94%
Finding
The description emphasizes thumbnail checking and auto-fixing but does not clearly warn that the skill will automatically edit source files and create git commits. Because the body of the skill performs code changes, updates .gitignore, may start a dev server, and creates atomic commits, insufficient disclosure can mislead users into invoking a workflow with significant side effects they did not knowingly authorize.

VirusTotal

64/64 vendors flagged this skill as clean.
