Security audit

Skill Vetter Workflow Helper

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a documentation-only audit helper, but its localized instructions and implicit invocation create a real risk that it could be used as a safety review tool without a clear, consistent review process.

Install only if you are comfortable treating this as an advisory checklist rather than a definitive security authority. Prefer the English workflow, verify any safety conclusions manually, and consider narrowing or disabling implicit invocation before relying on it for install or publish decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

High
Confidence: 95%
Finding
The manifest claims a skill-vetting helper, but the actual description centers on generic market-demand and workflow assistance. This mismatch can cause the skill to be invoked in security-sensitive review contexts while providing off-target guidance, undermining trust, confusing routing, and increasing the chance that unsafe or insufficient vetting is performed.

Description-Behavior Mismatch

High
Confidence: 94%
Finding
The workflow and outputs describe broad productivity help rather than a structured security or package-review process. In the context of a skill advertised for vetting, this is dangerous because it may produce authoritative-looking but incomplete assessments, causing users to install or publish risky skills without real dependency, prompt-injection, or privacy review.

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding
The trigger keywords and examples are broad and partially unrelated to security vetting, which can cause the skill to activate for ordinary bug-fixing or workflow requests. Misrouting a generic helper into a security-review role can dilute protections, create user confusion, and lead to unvetted content being treated as reviewed.

Vague Triggers

High
Confidence: 93%
Finding
Overly broad trigger terms like common security or workflow words can cause frequent false activations in unrelated conversations. In a security-focused skill, such over-triggering is risky because it can intercept benign tasks, provide irrelevant guidance, and create false confidence that a proper vetting process has occurred.

Vague Triggers

Medium
Confidence: 88%
Finding
The activation criteria are ambiguous and do not clearly define when the skill should or should not be used. In this context, ambiguity increases the likelihood of misuse in the wrong task domain and weakens assurance that users are receiving an actual security assessment rather than general productivity help.

Vague Triggers

Medium
Confidence: 91%
Finding
`allow_implicit_invocation: true` permits the skill to be activated without an explicitly narrow trigger, which can cause the auditing workflow to run in broader contexts than intended. Because this skill makes trust and publication-safety judgments, ambiguous activation can lead to accidental invocation on unrelated content, prompt-surface expansion, and over-delegation of sensitive review decisions.

Vague Triggers

High
Confidence: 95%
Finding
The trigger sentences are malformed and include broad natural-language fragments that could match ordinary user requests instead of a clearly scoped invocation pattern. In a skill-selection system, this can cause unintended activation, route users into the wrong workflow, and potentially suppress the intended safety or task flow of other skills.

Vague Triggers

Medium
Confidence: 97%
Finding
The invocation conditions are ambiguous because the trigger block does not clearly specify when the skill should run and instead contains broken, repetitive phrases. This increases the risk of accidental skill invocation or misclassification in orchestration systems that rely on keyword or sentence matching, which is especially relevant for a vetting workflow that should be invoked only in clearly defined review contexts.

VirusTotal

62/62 vendors flagged this skill as clean.
