Model Context Transfer

Security checks across malware telemetry and agentic risk

Overview

This is a coherent context-handoff skill, but it explicitly normalizes handing credentials and sensitive information to other models or agents without redaction guidance.

Review before installing or using. Treat this as a handoff template only: remove or ignore its credential and sensitive-information fields, redact tokens, passwords, customer data, and private file contents before any transfer, and share the resulting summaries only with trusted models or agents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly recommends passing API details, file paths, and other key context to another model or agent without any guardrails on data minimization or secret handling. In a context-transfer skill, this is more dangerous because handoff is the core workflow, making oversharing of sensitive operational data likely and systematic.

Missing User Warnings

High
Confidence: 98%
Finding
The checklist says '文件/路径/凭据已交接' ('files/paths/credentials have been handed over'), which makes transferring credentials a routine, ticked-off step of every handoff. That guidance can directly cause secret disclosure across models, agents, logs, or channels, especially during cross-system or cross-vendor transfers.

Ssd 3

High
Confidence: 96%
Finding
The skill advises persisting project memory in `MEMORY.md` and recording current progress in a transfer format, but elsewhere encourages inclusion of APIs, paths, and credentials. Combined, this promotes storing sensitive data in plain-text summaries or files, increasing the chance of later leakage, unauthorized reuse, or accidental disclosure.

Ssd 3

Critical
Confidence: 99%
Finding
The template and quality checklist repeatedly encourage inclusion of sensitive categories such as API/tool details, file paths, credentials, and 'sensitive information' in cross-agent summaries. Because this skill's purpose is repeated context transfer between models and channels, the document institutionalizes insecure secret propagation and persistence, creating broad risk of credential compromise, privacy breaches, and cross-boundary data exfiltration.
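
The redaction the Overview recommends, applied to a handoff summary before it leaves the agent, as an added example: this is not code from the scanned skill or from SkillSpector. The field names, regexes and the constructed sample document are assumptions about what a MEMORY.md-style transfer file might contain. Besides masking secret-shaped values and dropping credential fields, it also surfaces checklist items like the one quoted in the second finding that make credential handoff a required step, so a caller can fail closed on either.

```python
"""Pre-transfer secret scrub for a context-handoff summary.

Added example; not code from the scanned skill or from SkillSpector.
Field names, regexes and the sample handoff below are assumptions
about what a MEMORY.md-style transfer document might contain.
"""
import re

REDACTED = "[REDACTED]"

# Field names that must never ride along in a cross-agent handoff (assumed list).
SENSITIVE_KEYS = {"credentials", "credential", "api_key", "apikey", "api key",
                  "token", "password", "secret", "private_key", "凭据"}

# Multi-line secret: PEM private key blocks are matched over the whole text.
PRIVATE_KEY_BLOCK = re.compile(
    r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S)

# Single-line secret shapes, masked wherever they appear (assumed patterns).
LINE_PATTERNS = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github_token", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b")),
    ("bearer_token", re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/=-]{20,}")),
    ("key_value_secret", re.compile(
        r"""(?i)(api[_-]?key|token|password|secret)(\s*[:=]\s*)([^\s`'"]+)""")),
]

# "key: value" or "- key: value" lines; the full-width colon covers Chinese templates.
FIELD_RE = re.compile(r"^(\s*(?:[-*]\s*)?)([^:：\n]{1,40}?)\s*[:：]\s*(.*)$")

# Checklist items ("- [x] ...") that mention credential handoff in English or Chinese.
CHECKLIST_ITEM = re.compile(r"^\s*[-*]\s*\[[ xX]\]\s*(.+?)\s*$")
CREDENTIAL_WORDS = re.compile(r"(?i)credential|password|token|secret|凭据|密码|密钥")


def redact_handoff(text):
    """Return (sanitized_text, findings).

    Sensitive fields are emptied and secret-shaped values masked. `findings`
    records every change so a caller with a fail-closed policy can refuse the
    transfer outright instead of forwarding a scrubbed copy.
    """
    findings = []
    if PRIVATE_KEY_BLOCK.search(text):
        findings.append("masked private_key_block")
        text = PRIVATE_KEY_BLOCK.sub(REDACTED, text)
    out = []
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m and m.group(2).strip(" *`").lower() in SENSITIVE_KEYS:
            key = m.group(2).strip()
            findings.append(f"dropped field '{key}'")
            out.append(f"{m.group(1)}{key}: {REDACTED}")
            continue
        for name, pat in LINE_PATTERNS:
            if pat.search(line):
                findings.append(f"masked {name}")
                if name == "key_value_secret":
                    # Keep the key and separator so the reader still sees what was there.
                    line = pat.sub(lambda mm: mm.group(1) + mm.group(2) + REDACTED, line)
                else:
                    line = pat.sub(REDACTED, line)
        out.append(line)
    return "\n".join(out), findings


def checklist_credential_items(text):
    """Checklist lines that make credential handoff a required step of the transfer."""
    items = (CHECKLIST_ITEM.match(l) for l in text.splitlines())
    return [m.group(1) for m in items if m and CREDENTIAL_WORDS.search(m.group(1))]


# Constructed sample handoff; the values are placeholders, not real secrets.
HANDOFF = """# Handoff summary (constructed sample, not a real project)
- project: billing-service
- api_key: sk-live-abc123def456
- credentials: admin / P@ssw0rd!
- path: /srv/billing/config.yaml
Test with `curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.e30.abcdefghijklmnop"`.
Run with `export DB_PASSWORD=hunter2` before the suite.
AWS key in notes: AKIAIOSFODNN7EXAMPLE
-----BEGIN RSA PRIVATE KEY-----
MIIBogIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu
-----END RSA PRIVATE KEY-----
## Quality checklist
- [x] 文件/路径/凭据已交接
- [x] next steps recorded
"""

if __name__ == "__main__":
    sanitized, findings = redact_handoff(HANDOFF)
    print(sanitized)
    print("changes:", findings)
    print("checklist items requiring credential handoff:",
          checklist_credential_items(HANDOFF))
```

File paths are deliberately left in place: whether `/srv/...` paths are sensitive depends on the deployment, so treat the `path` field as something to review rather than something the scrubber can decide for you. The checklist check is separate from the redaction because a ticked '凭据已交接' line is not itself a secret; it is the policy that will put secrets into the next handoff, and fixing it means editing the template, not the summary.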

VirusTotal

65/65 vendors flagged this skill as clean.