README Craft

Security checks across malware telemetry and agentic risk

Overview

This README-writing skill is coherent and disclosed, with no evidence of hidden code, credential use, exfiltration, or persistence.

Install this if you want an agent to draft or evaluate README files. Use audit mode for read-only review, inspect diffs before rewrite, and be cautious about any requested shell, web fetch, or delegated-agent action that is not clearly tied to README generation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding
Granting Bash to a README-writing skill expands its authority beyond what is usually needed for documentation drafting and audit. Because the skill instructions explicitly encourage scanning projects and generating examples, shell access could be abused to run arbitrary local commands, inspect sensitive files, or mutate the workspace if the agent follows unsafe heuristics or prompt injection from repository content.

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding
Unrestricted WebFetch is broader than necessary for a skill positioned as local README creation, audit, and rewrite. If influenced by repository content or user-supplied prompts, the skill could exfiltrate project metadata to external services, retrieve untrusted remote content into generated documentation, or be used as a network pivot unrelated to its core purpose.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding
Allowing delegated Agent execution gives this documentation skill the ability to invoke other agents or capabilities beyond its stated scope, effectively bypassing least-privilege design. In a prompt-injection scenario, this can amplify impact by chaining into more powerful tools, broadening data access, or performing actions the original skill should not need for README authoring.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The skill states that create and rewrite modes will directly write README.md, and create mode does not clearly require prior confirmation. That makes accidental file modification more likely, especially when the skill auto-detects mode based on repository state; in adversarial or ambiguous contexts, this can overwrite user-authored documentation or plant misleading content without an intentional commit point.

VirusTotal

66/66 vendors flagged this skill as clean.
