Security audit

Qa Shift Right

Security checks across malware telemetry and agentic risk

Overview

This is a coherent production testing guidance skill, with operational risks that should be managed but no hidden or malicious behavior in the artifacts.

Install only if you want an agent to advise on production testing practices. Before applying its monitoring or chaos-engineering recommendations, require explicit authorization, privacy review for user analytics, scoped blast radius, rollback readiness, observability, and incident-response coverage.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 87%
Finding:
The condition “需要将测试延伸到生产时” ("when testing needs to be extended to production") is open-ended and lacks scope, prerequisites, or safety boundaries. Because this skill recommends gray releases, monitoring, and chaos practices in production, ambiguous activation can lead to unsafe advice being applied in live systems without adequate safeguards.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding:
The condition “需要将测试延伸到生产时” ("when testing needs to be extended to production") is open-ended and lacks scope, prerequisites, or safety boundaries. Because this skill recommends gray releases, monitoring, and chaos practices in production, ambiguous activation can lead to unsafe advice being applied in live systems without adequate safeguards.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The monitoring guidance includes user behavior analysis, feedback collection, and production telemetry, but it does not mention data minimization, consent, retention, access control, or regulatory constraints. In production contexts, this omission can normalize collection of sensitive or personally identifiable data without privacy review or lawful basis.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill recommends production chaos engineering and fault injection but does not warn that these actions can degrade availability, corrupt state, or impact real users if poorly controlled. In a live environment, omission of safeguards such as blast-radius limits, approvals, maintenance windows, and rollback criteria materially increases operational risk.

VirusTotal

61/61 vendors flagged this skill as clean.
