ClawHub

ZFONT-CLI

Security checks across malware telemetry and agentic risk

Overview

This font downloader appears purpose-aligned, but it needs review because it silently chains network downloads into local shell commands and file sending without tight path and input scoping.

Install only if you are comfortable with this skill contacting ZFONT.CN, running local wget and unzip commands, writing temporary files, and sending generated local paths. Review is recommended because a safer version would add explicit confirmation before download/extraction, restrict sendable paths to created font files, safely escape shell inputs, validate archive size and contents, and clean up temporary files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger phrases are broad enough to activate this skill for generic font-related requests, which can cause the agent to steer users into external HTTP requests and local file download flows they did not explicitly request. Because this skill performs network access and shell-based file handling, overbroad invocation increases the chance of unintended execution of higher-risk actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The description mentions wget and unzip, but it does not clearly warn users that the skill will contact third-party services, download archives into /tmp, and optionally extract files using shell commands. This weak disclosure undermines informed consent for potentially sensitive operations involving external content and local filesystem changes.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
After retrieving the download URL, the skill immediately and silently invokes the download action without a user-facing confirmation at that stage. Silent chaining from metadata retrieval into file download reduces user control and can lead to unexpected network and filesystem activity, especially if earlier routing or matching was incorrect.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal