skill-creator

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent skill-building guide with disclosed local helper scripts, but users should be careful about what directory they initialize or package.

Install only if you want an agent to help create and package skills. Run the helper scripts on an explicit workspace path, avoid packaging directories that contain private or unrelated files, and inspect the generated .skill archive before publishing or sharing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 90%
Finding: The skill instructs the agent to read and write files and execute local scripts (`init_skill.py`, `package_skill.py`), but it does not declare permissions or clearly scope those capabilities. This creates a transparency and safety gap: an agent may perform filesystem and shell actions the user did not explicitly anticipate, increasing the chance of unintended modification or packaging of local content.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 94%
Finding: The description presents the skill as guidance for creating skills, but the body directs concrete operational behavior such as creating directories, generating files, validating metadata, and packaging archives. This mismatch is dangerous because users and orchestration systems may invoke it expecting advisory behavior, while it can trigger side effects on disk and execute scripts.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The skill explicitly instructs running initialization and packaging scripts without requiring a user-facing warning about filesystem changes. In context, this is more dangerous because the skill is positioned as a general guide, so an agent may proceed to create directories, scaffold files, or archives without obtaining informed consent for those side effects.

VirusTotal

66/66 vendors flagged this skill as clean.