Security audit

Multi Model Orchestrator

Security checks across malware telemetry and agentic risk

Overview

This is a coherent multi-agent orchestration skill, but it can start broad autonomous workflows, spawn parallel agents, and auto-install dependencies with under-scoped triggers and limited user control.

Install only if you intentionally want multi-agent orchestration. Prefer explicit commands like $team, $ralph, or $autopilot, confirm before parallel or persistent execution, and review model routing and dependency installation behavior before using it on private code or sensitive projects.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (12)

Vague Triggers

Medium
Confidence: 91%
Finding: The documented trigger phrases are broad, natural-language expressions such as '全自动', '前端', and '测试失败了' that can appear in normal user conversation without explicit intent to invoke orchestration. In an agent skill that can launch planning, parallel execution, persistent execution, or code review workflows, ambiguous triggers increase the chance of accidental activation and unintended actions.

Vague Triggers

Medium
Confidence: 94%
Finding: The trigger mapping includes very common conversational phrases such as '规划一下', '做完它', '调试', and '前端', which can easily appear in normal user requests that are not intended to invoke this orchestration skill. Because the skill can initiate parallel agents, autopilot loops, and delegated review/execution flows, accidental activation can cause unintended task routing and execution amplification.

Vague Triggers

Medium
Confidence: 92%
Finding: The manifest trigger list contains ambiguous terms like 'team', 'parallel', '多模型', and 'orchestrate' that are broad enough to collide with ordinary conversation. In a skill that coordinates multiple models and workflow modes, false activation is more dangerous than in a passive skill because it may change execution strategy, spawn sub-agents, or trigger automated review/debug loops.

Natural-Language Policy Violations

Medium
Confidence: 83%
Finding: Routing all Chinese-language tasks to a specific model solely based on language is a risky hard-coded policy because it removes user choice and may send sensitive prompts to an unintended provider. This can create privacy, compliance, and quality risks, especially when the skill also handles debugging, code review, and orchestration tasks that may include proprietary code or credentials.

Vague Triggers

Medium
Confidence: 88%
Finding: The trigger phrases include very common requests such as '审查代码' and 'code review', which can cause the skill to activate in routine conversations without clear user intent to invoke this specific orchestration workflow. In a multi-model orchestrator, accidental activation can redirect requests into a more complex review pipeline than expected, potentially causing unintended behavior, cost, or disclosure of code/context to additional model roles.

Natural-Language Policy Violations

Medium
Confidence: 70%
Finding: The skill is written entirely in Chinese and defines a fixed Chinese output format without offering the user a language choice. This can cause the system to ignore user language preference or organizational policy, producing reviews in an unexpected language and increasing the chance of misunderstanding or missed security issues during review.

Vague Triggers

Medium
Confidence: 94%
Finding: The trigger list includes broad, everyday terms such as "team" and "parallel" that can appear in many unrelated user requests, making unintended workflow activation likely. In an orchestration skill, accidental activation can redirect execution into a multi-agent flow, increasing prompt surface area, cost, and the chance that downstream agents act on the wrong task context.

Vague Triggers

Medium
Confidence: 89%
Finding: The activation conditions are qualitative and underspecified, using subjective criteria like "需求模糊" and "任务复杂度高" without measurable boundaries. That ambiguity can cause the skill to engage when not requested, leading to unnecessary collection of additional user information and unintended delegation within a powerful orchestration system.

Vague Triggers

Medium
Confidence: 88%
Finding: The trigger conditions include very generic natural-language phrases such as '做完它' and '持续执行', which can plausibly appear in ordinary conversation and unintentionally invoke a high-autonomy workflow. In this skill's context, accidental activation is more dangerous because the workflow is designed to continue executing, self-repair, and only ask the user for help when needed, increasing the chance of unintended actions.

Missing User Warnings

Medium
Confidence: 94%
Finding: The auto-repair policy explicitly allows automatic dependency installation and code/system modifications without any user-facing warning, consent checkpoint, or scope limitation. In an orchestration workflow intended to persist until completion, this can lead to unreviewed environment changes, supply-chain exposure, or destructive modifications that the user did not clearly authorize.

Vague Triggers

Medium
Confidence: 95%
Finding: The trigger phrases are broad and overlap with ordinary user language such as '规划一下' or '制定计划', which can cause the workflow to activate unintentionally. In a multi-model orchestration skill, accidental invocation can lead to unnecessary delegation, extra model calls, higher cost, and disclosure of more user context than intended across sub-agents.

Vague Triggers

Medium
Confidence: 90%
Finding: The trigger phrases include very broad natural-language terms such as '并行执行' and '同时做', which can easily appear in ordinary user requests and unintentionally activate this workflow. In a multi-model orchestration skill, accidental activation can cause unnecessary task spawning, increased cost, unexpected side effects, and reduced operator control over execution mode.

VirusTotal

58/58 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.