Back to skill

Security audit

Kinema's Skill Making Pipeline

Security checks across malware telemetry and agentic risk

Overview

This is a coherent skill-development and publishing guide, with expected publishing commands and credential use disclosed in the artifacts.

Install only if you intend to let an agent help with skill releases. Before publishing, inspect the package directory, remove secrets or private files, verify the destination repository and ClawHub skill name, and review any cache deletion command before allowing it to run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The snippet instructs users to run a one-liner that silently reads a local authentication token from a config file and uploads repository contents to a remote service, but it does not prominently warn about credential access or data exfiltration risk. In a skill-development pipeline context, users may copy-paste this with high trust, increasing the chance of unintentionally transmitting sensitive files or using privileged credentials without informed consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document instructs the agent to run recursive deletion commands against plugin cache paths (`rm -rf ~/.claude/plugins/cache/...`) as a troubleshooting step, but it does not provide a clear warning about irreversible deletion, scope validation, or safeguards before execution. In an agent-executed workflow, destructive filesystem operations are more dangerous because the model may perform them automatically, increasing the chance of unintended data loss or deletion of the wrong path if placeholders are substituted incorrectly.

External Transmission

Medium
Category
Data Exfiltration
Content
}));
for (const f of files) form.append('files', new Blob([f.bytes], {type: 'text/plain'}), f.relPath);

fetch('https://clawhub.ai/api/v1/skills', {
  method: 'POST',
  headers: { 'Authorization': 'Bearer ' + TOKEN, 'Accept': 'application/json' },
  body: form
Confidence
87% confidence
Finding
fetch('https://clawhub.ai/api/v1/skills', { method: 'POST'

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.