Agentsmd Creator

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it claims, but it can force-replace CLAUDE.md with a symlink, which may overwrite existing agent instructions in a repository.

Install only if you are comfortable with the agent reading representative source files and editing repository documentation. Before running it, check whether CLAUDE.md already exists and require a diff or explicit confirmation before allowing the symlink command or any file updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Medium
92% confidence
Finding
The skill advertises AGENTS.md generation, but its instructions expand scope to creating and updating additional repository files such as docs/CODING_STYLE.md and docs/ARCHITECTURE.md. This mismatch can cause users or calling systems to grant permission for a narrow documentation task while the skill performs broader write operations, increasing the risk of unexpected repository modification.

Context-Inappropriate Capability

Medium
95% confidence
Finding
The forced symlink creation `ln -sf AGENTS.md CLAUDE.md` modifies a root-level file outside the core AGENTS.md-generation purpose and can silently replace an existing CLAUDE.md. Because `-f` overwrites the destination without preserving prior content, this creates a repository integrity risk and may disrupt existing workflows or instructions.

Vague Triggers

Medium
82% confidence
Finding
The trigger conditions are broad enough that the skill could activate for generic requests about AI documentation or repository guidance, even when the user did not intend file-generation or repository mutation. Over-broad invocation increases the chance that a write-capable skill runs in the wrong context and performs unexpected analysis or file changes.

Missing User Warnings

Medium
94% confidence
Finding
The skill directs creation and merge-style updates of multiple repository files without an explicit warning that local files will be modified. Even if described as merge behavior, automatic writes to user-controlled documentation can overwrite intent, introduce inaccurate generated content, or create churn in version control without informed consent.

Missing User Warnings

Medium
96% confidence
Finding
The instruction to force-update a CLAUDE.md symlink lacks any warning that an existing file may be replaced. In a repository where CLAUDE.md already contains important agent instructions or project-specific guidance, this could silently destroy or mask content and alter downstream agent behavior.

VirusTotal

64/64 vendors flagged this skill as clean.
