Quality Pipeline

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed document quality-review workflow that may read target files and involve other agents, but its behavior fits its stated purpose.

Install this if you want formal documents reviewed by additional agents for completeness, formatting, references, and hallucination risks. For private or regulated documents, explicitly limit which files may be inspected and avoid automatic post-task review unless your agent environment is approved for that data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 93%
Finding
The skill description says it may auto-trigger 'after task completion' and lists broad trigger words like 质检/验收/交叉检查, which can cause the pipeline to activate in situations the user did not explicitly authorize. Because the workflow includes opening files, checking paths, and escalating to multiple agents, ambiguous activation can expand access to user artifacts and create unintended data exposure or unnecessary processing.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill instructs agents to verify file existence, open files, inspect contents, validate paths, and review references, but it does not warn users that their files and filesystem paths will be accessed and analyzed. In a multi-agent review pipeline, this omission increases the risk of users unknowingly exposing sensitive document contents, metadata, or directory structure to additional agents.

VirusTotal

46/46 vendors flagged this skill as clean.
