Skill Distiller

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a legitimate skill-compression helper, with narrow local logging and provider-selection behavior that users should understand before use.

Install if you are comfortable with a skill that processes skill markdown and may keep local calibration metadata in `.learnings/skill-distiller/calibration.jsonl`. Review or disable logging for proprietary skill work, and avoid provider auto-detection and API-backed providers unless you trust the local environment and understand which model backend will be used.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
91% confidence
Finding
The skill does more than transient skill compression: it instructs the agent to persist calibration records, including skill name, token counts, preservation scores, and later user feedback. Persistent logging expands the data handling surface and creates retention/privacy risk that is not central to the core compression function, especially if users process proprietary skill files.

Context-Inappropriate Capability

Medium
88% confidence
Finding
The documented provider auto-detection inspects environment variables and invokes a local command (`ollama list`) to select a model provider. That grants the skill unnecessary capability discovery for a compression task and can leak environment configuration or trigger unintended local command execution in agent runtimes that permit tool use.

Context-Inappropriate Capability

Medium
87% confidence
Finding
The skill instructs persistent logging of user activity and skill metadata into `.learnings/skill-distiller/calibration.jsonl`, which expands scope from transient compression to local data retention. Even if intended for calibration, this can create unintended privacy leakage, accumulate sensitive skill names/content-derived metadata, and leave artifacts on disk without clear consent, retention controls, or sanitization.

Missing User Warnings

Low
89% confidence
Finding
The skill instructs the agent to write calibration data to a local file without an explicit user warning at the time of operation. Even if the stored fields seem limited, silent persistence can surprise users and create privacy/compliance issues when handling internal or sensitive skill artifacts.

Missing User Warnings

Low
93% confidence
Finding
The skill explicitly instructs the agent to append calibration data to `.learnings/skill-distiller/calibration.jsonl`, which modifies the user's workspace. That behavior is not inherently malicious, but it is a real safety issue because the file write is stateful and not clearly surfaced as a user-facing side effect or gated by explicit consent. In this context, the danger is somewhat limited because the target path is local and narrowly scoped, but it still creates unexpected persistence and could clutter repositories or interfere with workflows.

Ssd 3

Medium
92% confidence
Finding
The calibration design retains skill metadata and later outcome feedback over time in a structured local history. Long-term retention of user-supplied content metadata can enable profiling of workflows, leak sensitive project names or usage patterns, and compound risk if the `.learnings` directory is shared, synced, or exposed.

VirusTotal

55/55 vendors flagged this skill as clean.