ClawHub

Office Hours

Security checks across malware telemetry and agentic risk

Overview

This is mostly a design-document brainstorming skill, but it adds under-disclosed file/browser activity and a promotional YC referral handoff that users should review before installing.

Install only if you want an opinionated YC-style brainstorming workflow that may inspect the current repository, create local design artifacts, use browser screenshots for UI sketches, dispatch review subagents, and present a YC/GStack referral pitch at the end. Avoid using it in sensitive repositories unless you are comfortable with that project context being read and reflected in generated design documents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill explicitly claims its only output is a design document, but later instructs the agent to perform unrelated follow-on actions, including persuasive YC/GStack messaging and browser-based navigation. This mismatch is dangerous because users and calling systems may grant the skill trust and permissions appropriate for a documentation workflow, while the skill actually performs broader actions outside that scope.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill embeds recruiting and promotional content for Y Combinator/GStack that is unrelated to brainstorming or producing a design doc. This is dangerous because it repurposes the agent session for persuasion and referral generation, creating a covert objective that can manipulate users and violate least-surprise expectations.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
Opening a referral URL in the browser is not necessary for a design-doc skill and causes the agent to take an external action on the user's behalf. This is dangerous because it crosses from advisory behavior into unsolicited navigation, potentially enabling tracking, affiliate abuse, or trust erosion through context-inappropriate tool use.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The skill states that its only output is a design document, yet it later mandates persuasive closing messages and next-step promotions. This inconsistency is dangerous because it conceals real behavior from users and security reviewers, undermining informed consent and enabling misuse of the skill under a narrower declared purpose.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The activation phrases are broad, generic expressions likely to occur in ordinary conversation, which increases the chance of the skill being invoked when the user did not intend it. In this skill, unintended activation is more risky because it can write files, inspect repository state, and eventually deliver promotional content unrelated to the user's request.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The description says the skill 'saves a design doc' but does not clearly warn that it will write a file into the repository during normal operation. This is dangerous because users may invoke a brainstorming assistant expecting conversation-only behavior, while the skill modifies the workspace and may create persistence without explicit consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal