Kinema's Skill Making Pipeline

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent publishing workflow, but it gives an agent authority to publish, push marketplace changes, and use a local ClawHub token to upload repository files with too little user-control guidance.

Install only if you are comfortable letting the agent assist with authenticated GitHub and ClawHub publishing. Before any publish, tag push, marketplace push, or API fallback, review the exact repository, branch, diff, files to upload, and token source. Do not use the fallback publisher on repositories containing secrets or private config files unless the file set is narrowed first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium (91% confidence)
Finding
The trigger text is very broad: creating, publishing, or modifying skills are common actions that could cause this skill to activate in many routine contexts. Because the skill contains operational guidance for Git, release, publishing, and marketplace changes, over-triggering could cause an agent to follow high-impact release workflows when the user only intended simple editing or exploratory work.

Missing User Warnings

Medium (89% confidence)
Finding
The document instructs users to run a script that recursively reads local repository files and uploads them using a bearer token from the user's local config, but it provides no warning about what data will be transmitted or the sensitivity of the token. This creates a real risk of unintended disclosure of secrets or other sensitive files if users follow the instructions without carefully reviewing the repository contents and upload scope.

Missing User Warnings

Medium (95% confidence)
Finding
The document instructs an agent to commit and push changes directly to a marketplace repository without an explicit confirmation or approval checkpoint immediately before the external side effect. In an agent skill pipeline, this can cause unauthorized publication or unintended supply-chain changes if the skill is triggered in the wrong context, misidentifies the target repository, or is influenced by adversarial inputs.

VirusTotal

65/65 vendors flagged this skill as clean.
