Create Skill

Security checks across malware telemetry and agentic risk

Overview

This skill has a legitimate skill-creation purpose, but its import workflow can write files unsafely when handling crafted ZIP packages.

Install only if you trust the publisher, and do not import untrusted ZIP skill packages with this version. Before use, the unzip helper should be fixed to reject absolute paths, ".." path components, and any resolved output path that falls outside the target directory, and users should be asked to explicitly approve extraction and registration into ~/.easyclaw/skills.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 89%
Finding
The skill instructs the agent to run extraction and registration scripts that can modify the filesystem, but the skill metadata does not declare corresponding permissions or constraints. This creates a capability mismatch: users and the platform may not realize the skill performs write-side effects such as extracting archives and registering content, increasing the risk of unintended or unsafe file operations.

Vague Triggers

Severity: Medium
Confidence: 81%
Finding
The description is broad enough that the skill may activate for many generic requests about creating or importing skills, including untrusted third-party skill packages. Because this skill also instructs archive extraction and registration workflows, over-broad triggering increases the chance that risky operations are suggested or initiated in contexts where the user did not intend such actions.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The import workflow tells the agent to extract zip files and register skills via scripts, but it does not require a user-facing warning or explicit confirmation before performing filesystem-changing operations. In the context of importing untrusted skill packages, this is more dangerous because archive extraction and registration can persist malicious content, overwrite files, or onboard unsafe skills without adequate user awareness.

VirusTotal

63/63 vendors flagged this skill as clean.