Weekly Skills Update

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about updating skills, but it can bulk-update all installed skills and write logs from a simple trigger without a clear confirmation or rollback step.

Install only if you are comfortable with a trigger phrase updating every installed skill in the environment. Prefer running it manually with review, keeping backups or a rollback path, and sending summaries only to destinations you explicitly approve.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill executes `clawhub update --all` and writes output to `/tmp/skills-update-output.txt`, then later updates `SKILLS_INDEX.md` and a log file, all without an explicit warning or confirmation about these system-modifying side effects. This is risky because it can change installed skills, overwrite metadata, and persist logs in a user environment when triggered by a simple phrase, increasing the chance of unintended or unauthorized state changes.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill instructs the agent to push update summaries to the current session or external destinations such as Feishu without a privacy/disclosure warning or consent step. Update summaries and logs can expose environment details, installed skill names, versions, errors, or internal paths, so automatic forwarding may leak operational metadata beyond the local execution context.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal