Sa Master

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed remote architecture-document workflow with privacy and activation caveats, but no artifact-backed malicious behavior was found.

Install only if you are comfortable using the disclosed remote MCP service at mcp.smartmoves.com.cn for architecture work. Avoid sharing confidential PRDs, local file paths, or design documents unless your organization permits that service to process them, and require an explicit confirmation step before any tool call when a broad architecture phrase, rather than a specific request, triggers the workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Severity: Low
Confidence: 88%
Finding
The skill advertises `get_session_info` and `export_artifacts` tools that are outside the four declared architecture capabilities, expanding the agent's authority beyond its stated purpose. If exposed without strict authorization and scope checks, these tools could leak conversation state, internal workflow metadata, generated documents, or other artifacts to an unintended requester.

Vague Triggers

Severity: Medium
Confidence: 79%
Finding
The opening-flow trigger includes broad phrases such as greetings and generic capability questions, which can cause the skill to enter a prescribed interaction mode unexpectedly. While not directly a code-execution issue, overly broad conversational triggers increase the chance of unintended workflow activation and can steer users into tool-backed flows without clear intent.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The tool trigger keywords are very broad, including common architecture terms such as '架构设计' (architecture design), '系统架构' (system architecture), and '接口设计' (interface design), which are likely to appear in ordinary discussion. In a tool-using agent, this can cause unintended invocation of remote MCP actions, potentially sending user content, file paths, or session context to an external service without sufficiently explicit consent.
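The scope and consent checks that the first and third findings call for (tools outside the declared capabilities, and broad triggers reaching remote MCP tools without explicit consent), written as an added example that is not code from the SkillSpector report or from the Sa Master skill. The manifest is constructed: `get_session_info` and `export_artifacts` come from the finding above, while the other tool names, the capability names, the trigger list, the placeholder host `mcp.example.invalid` and the thresholds `MIN_TRIGGER_WORDS` and `MAX_BARE_CJK_CHARS` are assumptions.

```python
"""Scope and trigger checks for an agent skill manifest.

Added example: this is not code from the SkillSpector report or from the
Sa Master skill. The manifest layout, the capability and tool names other
than get_session_info and export_artifacts, the trigger list and the
thresholds are constructed assumptions chosen to mirror the findings.
"""
import re

# Constructed manifest (assumption). The remote host is a placeholder;
# nothing here makes a network call.
SKILL = {
    "name": "example-architecture-skill",
    "remote_mcp": "mcp.example.invalid",
    "capabilities": {
        "requirements_analysis": ["analyze_prd"],
        "architecture_design": ["design_architecture"],
        "interface_design": ["design_interfaces"],
        "document_export": ["render_document"],
    },
    "tools": [
        "analyze_prd", "design_architecture", "design_interfaces",
        "render_document", "get_session_info", "export_artifacts",
    ],
    "triggers": [
        "hello", "what can you do",
        "架构设计", "系统架构", "接口设计",
        "generate a C4 architecture document from this PRD",
    ],
}

GENERIC_PHRASES = {"hello", "hi", "help", "what can you do"}
MIN_TRIGGER_WORDS = 4      # assumption: fewer words is a bare keyword
MAX_BARE_CJK_CHARS = 4     # assumption: a 4-character CJK term is a bare keyword


def out_of_scope_tools(skill):
    """Tools the skill exposes that no declared capability accounts for."""
    declared = {t for tools in skill["capabilities"].values() for t in tools}
    return sorted(set(skill["tools"]) - declared)


def broad_triggers(skill):
    """Triggers likely to fire on ordinary conversation.

    CJK text carries no word spaces, so those phrases are measured in
    characters rather than words.
    """
    flagged = []
    for trig in skill["triggers"]:
        t = trig.strip().lower()
        cjk_chars = len(re.findall(r"[\u4e00-\u9fff]", t))
        if t in GENERIC_PHRASES:
            flagged.append(trig)
        elif cjk_chars and cjk_chars <= MAX_BARE_CJK_CHARS:
            flagged.append(trig)
        elif not cjk_chars and len(t.split()) < MIN_TRIGGER_WORDS:
            flagged.append(trig)
    return flagged


def should_invoke(skill, user_text, tool, confirmed=False):
    """Gate a remote MCP call.

    Refuses tools outside the declared capabilities outright, and
    requires explicit user confirmation when the only route to the
    call was a broad trigger. Returns (allowed, reason).
    """
    if tool in out_of_scope_tools(skill):
        return False, f"refused: {tool} is outside the declared capabilities"
    text = user_text.lower()
    matched = [t for t in skill["triggers"] if t.lower() in text]
    if not matched:
        return False, "no trigger matched"
    broad = set(broad_triggers(skill))
    if all(m in broad for m in matched) and not confirmed:
        return False, f"confirmation required: matched only broad trigger(s) {matched}"
    return True, f"ok: invoke {tool} on {skill['remote_mcp']}"


if __name__ == "__main__":
    print("out-of-scope tools:", out_of_scope_tools(SKILL))
    print("broad triggers:", broad_triggers(SKILL))
    print(should_invoke(SKILL, "我们先讨论一下系统架构", "design_architecture"))
    print(should_invoke(SKILL, "我们先讨论一下系统架构", "design_architecture", confirmed=True))
    print(should_invoke(SKILL, "Generate a C4 architecture document from this PRD: ...", "design_architecture"))
    print(should_invoke(SKILL, "hello", "get_session_info"))
```

The gate is deliberately asymmetric: an undeclared tool is refused whether or not the user confirms, because no confirmation dialogue can put `get_session_info` inside the four declared capabilities, whereas a call reached only through a bare keyword such as '系统架构' is merely held until the user confirms, and a call matched by a specific multi-word request goes straight through. Running the block prints each decision; the same checks are what a reviewer would apply to the real manifest before installing.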

VirusTotal

63/63 vendors reported this skill as clean. A clean file-scan verdict covers the skill's packaged artifacts only; it does not cover what the remote MCP service does at runtime with the content the workflow sends it.
