
Security audit

Embedded Code Skill

Security checks across malware telemetry and agentic risk

Overview

This embedded C skill is not malicious, but it needs review because its documentation advertises a self-evolution workflow that lets the skill optimize itself, activated by broad natural-language triggers.

Install only if you are comfortable with the skill's broad routing and will ignore or tightly control the self-evolution workflow. Use explicit embedded-C prompts, review any generated changes before applying them, and constrain web lookups to official chip or toolchain documentation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (9)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%

The README advertises a built-in self-evolution system that can optimize the skill itself, which exceeds the declared scope of generating, rewriting, or reviewing embedded C code. Scope expansion is dangerous because it creates a path for the skill to modify behavior, evaluate itself, or invoke subordinate agents in ways users may not clearly intend, increasing prompt-injection and unauthorized capability risks.

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%

Documented self-optimization is not justified by the skill's stated purpose, so it introduces unnecessary privileged behavior without a legitimate functional need. Unnecessary meta-capabilities increase the attack surface because an adversarial prompt can steer the skill into changing instructions, spawning evaluators, or producing outputs unrelated to the user's embedded-code request.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%

The skill documentation explicitly instructs the agent to use WebSearch/WebFetch for unknown architectures, which expands the skill from a local embedded-code reference into a network-enabled research workflow. That broader behavior can expose user prompts or derived queries to external services, introduce untrusted content into code generation, and exceed the capability implied by the skill’s stated embedded C architecture scope.

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%

For an embedded C architecture reference skill, autonomous network research is not necessary to fulfill the core function and creates avoidable risk. If followed, the agent may retrieve inaccurate or malicious third-party information and incorporate it into low-level firmware advice, leading to unsafe code, incorrect register usage, or leakage of sensitive project context through search queries.

Vague Triggers

Severity: Medium
Confidence: 89%

The self-evolution trigger phrases are broad enough to overlap with normal requests such as optimizing or evaluating the embedded-code skill, making accidental activation plausible. In a skill-enabled agent, ambiguous activation can redirect the agent from code assistance into self-modification or meta-analysis behavior, causing unintended execution paths and weakening user control.

Missing User Warnings

Severity: Medium
Confidence: 88%

The README advertises a self-evolution and auto-optimization workflow, including triggers that imply the skill can run optimization rounds and update itself, but it does not clearly warn that this process may modify skill files or related artifacts. In an agent-skill context, undocumented mutation of prompts, configs, or repository contents can surprise users, weaken change control, and create opportunities for unsafe or unintended changes to persist.

Vague Triggers

Severity: Medium
Confidence: 86%

The README describes self-evolution triggers using broad natural-language phrases such as "optimize the skill" or "run self-evolution," without defining strict gating conditions, authorization checks, or confirmation requirements. In an agent skill context, ambiguous trigger language can cause unintended activation of a capability that modifies behavior or prompts, increasing the risk of unauthorized prompt evolution, workflow drift, or abuse through innocuous-looking user input.

Vague Triggers

Severity: High
Confidence: 95%

The manifest description contains very broad auto-trigger phrases such as generate, create, write code, review, check, and audit, which can cause this skill to activate for many generic programming requests outside its intended embedded-C scope. Overbroad activation can hijack routing, override more appropriate skills, and increase the chance that users receive responses constrained by this skill's rigid instructions rather than their actual intent.

Natural-Language Policy Violations

Severity: Medium
Confidence: 84%

The skill instructs the agent to prefer Chinese comments without requiring user choice, which can override user language expectations and reduce usability, reviewability, or policy compliance in mixed-language environments. In a broadly auto-invoked skill, this becomes more dangerous because users may be routed into a mode that silently changes output language and documentation style even when they requested English or did not specify a language.
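The findings above (overbroad triggers, undeclared self-evolution, network tools outside the stated scope, and a silent comment-language override) are all visible in the skill's manifest text before the skill ever runs, so they can be caught with a static lint. The following is an added example written for this page; it is not SkillSpector's checker and not code from the audited skill. The manifest layout it parses (front matter with name, description, scope and a triggers list, then a `---` line, then the Markdown body) is an assumption, and both manifests in the block are constructed from the findings rather than copied from the real skill file.

```python
"""Skill-manifest lint for the trigger and scope problems listed in this audit.

Added example for this page: not SkillSpector's checker and not code from the
audited skill. The manifest layout (front matter with name, description, scope
and a triggers list, then '---', then the Markdown body) is an assumption;
adapt parse_manifest() to the real SKILL.md format.
"""
import re
from dataclasses import dataclass

# Constructed sample modelled on the findings above, not the real skill file.
SAMPLE_MANIFEST = """\
name: embedded-code
description: Generate, create, write code, review, check and audit embedded C. Use WebSearch/WebFetch for unknown architectures.
scope: embedded C code generation, rewriting and review
triggers:
  - generate
  - create
  - write code
  - review
  - check
  - audit
  - optimize the skill
  - run self-evolution
---
Prefer Chinese comments in generated code.
"""

# Constructed counter-example: narrow triggers, no network use, no self-modification.
CLEAN_MANIFEST = """\
name: embedded-code
description: Answer questions about embedded C register access and interrupt handlers.
scope: embedded C code generation, rewriting and review
triggers:
  - embedded C
  - register map
  - ISR
---
Use the comment language the user requested; default to English.
"""


@dataclass
class Finding:
    category: str   # category names follow the audit headings on this page
    severity: str
    detail: str


# Verbs so generic that they match almost any programming request.
GENERIC_TRIGGERS = {"generate", "create", "write code", "review", "check", "audit", "fix", "optimize"}
SELF_MODIFY_RE = re.compile(r"\b(self[- ]evolution|optimi[sz]e the skill|update itself|auto[- ]optimi[sz])", re.I)
NETWORK_TOOL_RE = re.compile(r"\b(WebSearch|WebFetch|curl|https?://)", re.I)
LANGUAGE_OVERRIDE_RE = re.compile(r"\b(?:prefer|use|write)\s+\w+\s+comments\b", re.I)


def parse_manifest(text):
    """Split front matter from body; parse only the scalar and '  - item' YAML subset used here."""
    front, _, body = text.partition("\n---\n")
    meta, current = {}, None
    for line in front.splitlines():
        if not line.strip():
            continue
        if line.startswith("  - ") and current is not None:
            meta.setdefault(current, []).append(line[4:].strip())
            continue
        key, _, value = line.partition(":")
        current = key.strip()
        meta[current] = value.strip() or []   # empty value means a list follows
    return meta, body


def lint(text):
    """Return findings for one manifest, in the order the checks run."""
    meta, body = parse_manifest(text)
    findings = []
    triggers = [t.lower() for t in meta.get("triggers", [])]
    scope = str(meta.get("scope", ""))
    everything = f"{meta.get('description', '')}\n{body}"

    # 1. Routing hijack: several generic verbs as triggers.
    broad = sorted(t for t in triggers if t in GENERIC_TRIGGERS)
    if len(broad) >= 3:
        findings.append(Finding("Vague Triggers", "High",
                                f"generic triggers {broad} fire on requests outside scope '{scope}'"))

    # 2. Self-modification advertised anywhere, but absent from the declared scope.
    self_mod = [t for t in triggers if SELF_MODIFY_RE.search(t)]
    if self_mod or SELF_MODIFY_RE.search(everything):
        findings.append(Finding("Description-Behavior Mismatch", "Medium",
                                f"self-modification {self_mod or 'in description/body'} is not covered by scope '{scope}'"))

    # 3. Network tools referenced while the scope says nothing about web research.
    net = sorted(set(NETWORK_TOOL_RE.findall(everything)))
    if net and not re.search(r"\b(web|network|research)\b", scope, re.I):
        findings.append(Finding("Context-Inappropriate Capability", "Medium",
                                f"network tools {net} referenced but scope is local-only: '{scope}'"))

    # 4. Output-language override that ignores the user's choice.
    m = LANGUAGE_OVERRIDE_RE.search(body)
    if m:
        findings.append(Finding("Natural-Language Policy Violations", "Medium",
                                f"'{m.group(0)}' overrides the user's comment-language choice"))
    return findings


if __name__ == "__main__":
    for name, manifest in (("sample", SAMPLE_MANIFEST), ("clean", CLEAN_MANIFEST)):
        results = lint(manifest)
        print(f"{name}: {len(results)} finding(s)")
        for f in results:
            print(f"  [{f.severity}] {f.category}: {f.detail}")
```

Run against the constructed sample, the lint reports four findings that line up with the audit headings above; the clean manifest, whose triggers name the domain rather than generic verbs and whose body defers to the user's language choice, reports none. The keyword lists are deliberately small so the rules stay readable; a production check would take them from the same pattern catalogue the scanner uses.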

VirusTotal

64/64 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.