manual-to-solution (Operation Manual to Solution)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a document-conversion helper with some broad triggers and shell-based setup steps, but no artifact-backed evidence of deception, exfiltration, or destructive behavior.

Install only if you want a skill that may read the manuals/reference files you provide and run local setup or generation commands. Review any package-install command before approving it, and use explicit prompts such as converting an uploaded operation manual into a proposal rather than generic proposal-writing requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill instructs the agent to read local reference files and invoke shell commands to install packages and run Python scripts, yet it declares no permissions. This mismatch is dangerous because it can bypass expected trust boundaries, causing users or orchestrators to invoke file-system and shell-capable behavior without explicit review or consent.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad enough to match ordinary document-writing or proposal-generation requests, which can cause the skill to activate outside its intended context. Overbroad activation is risky here because the skill includes file reads and shell-based workflow steps, so accidental routing may expose local files or lead to unnecessary command execution.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The English trigger keywords use generic phrases like 'solution proposal' and 'rewrite proposal' without clear scope boundaries, making accidental invocation likely during normal business-assistance tasks. In this skill's context, misrouting is more dangerous than usual because activation can lead to reading referenced files and suggesting or performing shell-driven artifact generation.

VirusTotal

66/66 vendors flagged this skill as clean.
