ClawHub
Back to skill

Security audit

Qa Specialized Testing

Security checks across malware telemetry and agentic risk

Overview

This is a QA testing guide skill that discusses performance, security, and compatibility testing without hidden code or installation behavior.

Install only if you need QA testing guidance, and use the security and stress-testing portions only on systems you own or are explicitly authorized to assess, preferably in staging or controlled environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation criteria are broad enough that the skill may be invoked whenever a user mentions performance, security, or compatibility testing, without requiring explicit authorization, scope, or environment constraints. In this context, the skill also contains guidance for disruptive activities such as stress testing, penetration testing, scanning, and exploitation, so ambiguous triggering increases the chance of unsafe or out-of-scope testing recommendations.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill describes security and performance testing activities, including stress testing, scanning, and vulnerability exploitation, but does not warn that these actions can disrupt services, trigger defenses, or become unauthorized offensive activity if used against production or third-party systems. Because the skill is positioned as an operational testing capability, the absence of safety warnings and authorization requirements makes harmful misuse more likely.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal