Back to skill

Security audit

中文技能发布工作流程

Security checks across malware telemetry and agentic risk

Overview

This skill has a legitimate publishing purpose, but it embeds an apparent live ClawHub token and uses it for account-changing publish commands.

Do not install or use this version without editing it first. Remove the embedded token, rotate it if it could be real, use your own scoped credential through a safer login or environment-variable flow, and review every skill before any batch publish.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill includes a hard-coded ClawHub token directly in a batch publishing script. Embedding credentials in distributable documentation is dangerous because anyone who reads, copies, or logs the file can reuse the token to publish content, access account-scoped actions, or abuse the associated ClawHub account.

Missing User Warnings

High
Confidence
99% confidence
Finding
A live ClawHub token is embedded in Markdown without any warning about credential sensitivity or safe handling. This creates immediate secret exposure risk through repository access, screenshots, logs, copy-paste reuse, and downstream redistribution of the skill.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The workflow instructs users to publish to ClawHub but does not clearly warn that this action uploads local skill contents to an external service. In a skill that handles creation, translation, and batch publication, the absence of an explicit external-sharing warning increases the chance of accidental disclosure of unpublished, proprietary, or sensitive content.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.