Structured Dev

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed structured coding workflow that writes planning files and can guide code changes after user approval, with no evidence of hidden exfiltration or destructive behavior.

Install this only if you want a structured development process that creates `.dev` files and may later edit code after approval. Use it on the intended project and branch, review `.dev/research.md` and `.dev/plan.md` before instructing it to implement, inspect diffs and command output, and require explicit confirmation before it spawns another agent or creates any GitHub/GitLab merge request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93%
Finding
The skill clearly instructs the agent to read and write project files such as `.dev/research.md` and `.dev/plan.md`, but no corresponding permissions are declared. This creates a capability/permission mismatch that can bypass user expectations and platform governance, especially because the workflow normalizes persistent filesystem changes across multiple phases.

Vague Triggers

Medium
Confidence
88%
Finding
The trigger phrases include broad, natural-language activators like 'structured dev', '先调研再写代码' ("research first, then write code"), and 'research plan implement', which could match ordinary development requests unintentionally. That can cause the skill to activate in contexts where the user did not explicitly consent to this workflow, leading to unexpected file creation, process changes, or downstream agent actions.
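The two findings above (undeclared filesystem capability and overly broad triggers) are both static properties of the skill definition, so they can be checked before installation. The following is an added example and not code from SkillSpector or the Structured Dev skill; the skill file format it parses (YAML-style front matter with `triggers` and `permissions` lists, permissions written as `fs:<mode>:<glob>`), the sample skill text and the ordinary-prompt corpus are all constructed assumptions for illustration, so adapt the parser to your platform's real schema.

```python
"""Static checks for an agent-skill definition: filesystem capabilities the
instructions need but the manifest never declares, and trigger phrases that
collide with ordinary developer requests.

Added example; the manifest schema, the sample skill and the prompt corpus
below are assumptions, not the real Structured Dev skill or its scanner.
"""
import re
from fnmatch import fnmatch

# Constructed sample skill, modelled on the findings above (assumed schema).
SAMPLE_SKILL = """---
name: structured-dev
triggers:
  - structured dev
  - research plan implement
  - 先调研再写代码
permissions:
  - network:none
---
Phase 1: write research notes to `.dev/research.md`.
Phase 2: read `.dev/research.md` and write `.dev/plan.md`.
Phase 3: after approval, edit source files and run `git commit`.
"""

# Constructed ordinary requests that should NOT activate a workflow skill.
ORDINARY_PROMPTS = [
    "Use a structured dev approach for this refactor, nothing fancy.",
    "Can you research plan implement the caching layer before Friday?",
    "我们先调研再写代码，好吗？",
    "Fix the flaky test in tests/test_auth.py",
]

PATH_RE = re.compile(r"`([\w./-]+\.\w+)`")            # backticked file paths
WRITE_VERBS = re.compile(r"\b(write|edit|create|append|delete)s?\b", re.I)


def parse_skill(text):
    """Split a skill file into front-matter metadata and instruction body.
    Assumes '---' delimited front matter, 'key:' list headers, '  - item' entries."""
    parts = text.split("---\n", 2)
    if len(parts) < 3:
        raise ValueError("no front matter found")
    _, front, body = parts
    meta, key = {}, None
    for line in front.splitlines():
        if line.startswith("  - ") and key:
            meta[key].append(line[4:].strip())
        elif line.endswith(":"):
            key = line[:-1].strip()
            meta[key] = []
        elif ":" in line:
            k, v = line.split(":", 1)
            meta[k.strip()] = v.strip()
    return meta, body


def filesystem_capabilities(body):
    """Infer (mode, path) pairs the instructions require. A path counts as a
    write when a mutating verb appears between the previous path and it."""
    caps = set()
    for line in body.splitlines():
        prev_end = 0
        for m in PATH_RE.finditer(line):
            mode = "write" if WRITE_VERBS.search(line[prev_end:m.start()]) else "read"
            caps.add((mode, m.group(1)))
            prev_end = m.end()
    return caps


def undeclared_capabilities(meta, body):
    """Capabilities the body needs that no declared fs:<mode>:<glob> covers."""
    declared = []
    for perm in meta.get("permissions", []):
        parts = perm.split(":", 2)
        if parts[0] == "fs" and len(parts) == 3:
            declared.append((parts[1], parts[2]))
    return [
        (mode, path)
        for mode, path in sorted(filesystem_capabilities(body))
        if not any(m == mode and fnmatch(path, pat) for m, pat in declared)
    ]


def trigger_collisions(triggers, prompts):
    """Triggers that appear verbatim (case-insensitive) inside prompts a user
    would send without meaning to invoke this skill."""
    hits = {}
    for trig in triggers:
        matched = [p for p in prompts if trig.lower() in p.lower()]
        if matched:
            hits[trig] = matched
    return hits


def lint_skill(text, prompts=ORDINARY_PROMPTS):
    meta, body = parse_skill(text)
    return {
        "undeclared": undeclared_capabilities(meta, body),
        "broad_triggers": trigger_collisions(meta.get("triggers", []), prompts),
    }


if __name__ == "__main__":
    for k, v in lint_skill(SAMPLE_SKILL).items():
        print(k, v)
```

Declaring `fs:read:.dev/*` and `fs:write:.dev/*` in the manifest empties the `undeclared` list; the trigger check keeps firing until the triggers are made explicit (for example a slash command such as `/structured-dev`, which no ordinary sentence contains).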

Missing User Warnings

Low
Confidence
90%
Finding
The skill directs the agent to create a `.dev/` directory and write planning artifacts, but it does not clearly warn the user up front that filesystem changes will occur. In context this is not inherently malicious, but silent writes to the repository can surprise users, pollute working trees, or alter sensitive projects without explicit informed consent.

Missing User Warnings

Low
Confidence
92%
Finding
The skill describes spawning another coding agent and potentially auto-creating GitLab/GitHub merge requests without a strong user-facing warning or explicit approval gate for those impactful actions. In this context, secondary agent execution and repository actions materially increase risk because they extend autonomy beyond local drafting into delegated execution and external system changes.

VirusTotal

58/58 vendors flagged this skill as clean.
