Skill Creator

Security checks across malware telemetry and agentic risk

Overview

This is a coherent skill-building helper, but it needs review because its helper scripts can send skill content to Claude, start a local background server, and terminate whatever process is using the viewer port.

Install only if you are comfortable with a skill that edits and packages skills, runs Python helpers and Claude CLI subprocesses, creates local review artifacts, and may transmit skill content and eval data to Claude. Prefer the static viewer mode or a foreground server, avoid running it in sensitive repositories without reviewing what will be sent externally, and check for any existing service on the viewer port before launching it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (7)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 95%
Finding
The skill instructs the agent to read and write files, invoke shell commands, inspect environment context, launch background processes, and package artifacts, but it declares no permissions or compatibility constraints. That mismatch can cause the skill to run with broader-than-expected capabilities and gives users no visibility into the operational or security-sensitive actions it may take.

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding
The helper unconditionally finds any process listening on the requested port and sends SIGTERM to it before starting the local review server. That can terminate unrelated local services owned by the user, causing denial of service, data loss, or disruption if the port is in use by something important.
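The safe behaviour the overview asks for (check the port, never kill its owner) is shown below as an added example. It is not the Skill Creator helper's own code: it probes the viewer port with a bind attempt and either falls back to the next free port or refuses and tells the user, leaving any unrelated service untouched. `open_listener` stands in for that unrelated service and also gives the caller a socket it can hand to the server so the chosen port is held immediately.

```python
"""Added example (not the Skill Creator helper's own code): check the viewer
port before launching instead of SIGTERM-ing whatever currently owns it."""
import socket
from contextlib import closing


def port_in_use(port: int, host: str = "127.0.0.1") -> bool:
    """True if host:port cannot be bound, i.e. another socket already owns it.

    A bind probe is used rather than connect(): it also detects listeners bound
    to 0.0.0.0 and does not open a connection to an unknown service.
    """
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as probe:
        try:
            probe.bind((host, port))
        except OSError:  # EADDRINUSE (or EACCES on a privileged port)
            return True
    return False


def open_listener(host: str = "127.0.0.1", port: int = 0):
    """Bind and listen on host:port (port 0 = ephemeral). Returns (sock, port).

    Used below to simulate an unrelated local service; a real launcher would
    call it on the chosen port and pass the socket to its server so the port
    cannot be taken between the check and the start.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind((host, port))
    sock.listen(1)
    return sock, sock.getsockname()[1]


def choose_viewer_port(preferred: int, host: str = "127.0.0.1",
                       allow_fallback: bool = True, max_tries: int = 20) -> int:
    """Return a port the viewer may use without terminating anything.

    Free -> use it. Taken -> walk upward to the next free port, or, when
    fallback is disabled, raise and leave the decision to the user.
    """
    if not port_in_use(preferred, host):
        return preferred
    if not allow_fallback:
        raise RuntimeError(
            f"{host}:{preferred} is already in use; refusing to terminate the "
            "owning process. Choose another port or stop that service yourself.")
    for candidate in range(preferred + 1, preferred + max_tries):
        if not port_in_use(candidate, host):
            return candidate
    raise RuntimeError(
        f"no free port in {preferred}..{preferred + max_tries - 1} on {host}")


if __name__ == "__main__":
    # Simulate an unrelated service that already holds the viewer's port.
    occupant, held = open_listener()
    print(f"port {held} is busy -> viewer would use {choose_viewer_port(held)}")
    occupant.close()
    print(f"after that service exits, viewer can use {choose_viewer_port(held)}")
```

The bind probe closes its socket before the server starts, so there is a small window in which the port could be taken by someone else; binding the chosen port at once with `open_listener` and giving that socket to the server removes it. The point that matters for the finding is that neither path ever signals another process.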

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The skill explicitly tells authors to make descriptions 'pushy' and to trigger on broad adjacent contexts even when the user does not explicitly ask for the skill. That increases over-triggering risk, causing this high-capability skill to activate in situations where shell, file, and evaluation workflows are unnecessary, which expands the attack surface and may lead to unintended file operations or process execution.

Missing User Warnings

Severity: Low
Confidence: 89%
Finding
The page loads Google Fonts and the SheetJS library from third-party CDNs, which causes users' browsers to make outbound requests to external domains and exposes metadata such as IP address, user agent, and timing information. It also introduces a supply-chain and availability dependency: a script fetched from a compromised CDN runs in the viewer page's origin and can read the review data it renders, and if the CDN is blocked or unavailable the viewer fails to render correctly.
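A practitioner's fix is to vendor the library and pin it with Subresource Integrity so the browser refuses a changed file. The following is an added example, not the viewer's own code: it computes the `integrity` value for a vendored copy, emits the pinned `<script>` tag, and re-implements the browser-side check (several `algo-hash` tokens allowed, only the strongest algorithm consulted). The file bytes and path are constructed.

```python
"""Added example (not the viewer's own code): Subresource Integrity for a
vendored third-party script. Sample bytes and paths are constructed."""
import base64
import hashlib

_ALGOS = {"sha256": hashlib.sha256, "sha384": hashlib.sha384, "sha512": hashlib.sha512}


def sri_digest(data: bytes, algo: str = "sha384") -> str:
    """Return the integrity token for `data`, e.g. 'sha384-<base64 digest>'."""
    digest = _ALGOS[algo](data).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src: str, data: bytes, algo: str = "sha384") -> str:
    """Emit a <script> tag the browser will refuse to execute if `src` changes.
    crossorigin="anonymous" is required for SRI on cross-origin fetches."""
    return (f'<script src="{src}" integrity="{sri_digest(data, algo)}" '
            'crossorigin="anonymous"></script>')


def verify_sri(data: bytes, integrity: str) -> bool:
    """Browser-style check: `integrity` may hold several space-separated tokens;
    only tokens of the strongest recognised algorithm count, and any one of
    them may match. Unknown algorithms alone never pass."""
    by_algo = {}
    for token in integrity.split():
        algo, _, b64 = token.partition("-")
        if algo in _ALGOS and b64:
            by_algo.setdefault(algo, set()).add(b64)
    if not by_algo:
        return False
    strongest = max(by_algo, key=lambda a: _ALGOS[a]().digest_size)
    expected = sri_digest(data, strongest).partition("-")[2]
    return expected in by_algo[strongest]


if __name__ == "__main__":
    # Constructed stand-in for a vendored copy of the spreadsheet library.
    vendored = b"console.log('vendored sheetjs stand-in');"
    tag = script_tag("/static/xlsx.full.min.js", vendored)
    print(tag)
    print("clean file verifies:", verify_sri(vendored, sri_digest(vendored)))
    print("tampered file verifies:", verify_sri(vendored + b"//x", sri_digest(vendored)))
```

Pin the copy served from the viewer's own origin (or, if a CDN must stay, keep the `integrity` attribute on the CDN tag) and regenerate the token whenever the vendored file is upgraded; a mismatch is a hard failure, which is the availability trade-off the finding describes.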

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
The script sends full skill content, evaluation failures, history, and potentially user-derived queries to an external `claude` subprocess without any consent, redaction, or policy check in this file. If those inputs contain proprietary code, secrets, or sensitive prompts, they may be disclosed to an external model service unintentionally, creating a confidentiality and compliance risk.
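The missing control is a redaction gate in front of the subprocess call. The block below is an added example, not Skill Creator's code: it scans the text that would be sent for common credential shapes (AWS access key IDs, GitHub tokens, PEM private keys, and `NAME=value` / `name: value` assignments with credential-like names), redacts them in place while keeping the key name so the result stays reviewable, and either sends the redacted text or refuses outright depending on policy. The pattern names, the `policy` parameter and the sample content with its fake credentials are all constructed.

```python
"""Added example (not Skill Creator's own code): redaction gate to run over
skill content, eval failures and history before spawning the `claude` CLI."""
import re

# (name, pattern). A pattern with a capture group redacts only that group, so
# "AWS_SECRET_ACCESS_KEY=<REDACTED:...>" keeps the key name for the reviewer.
SECRET_PATTERNS = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github_token", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b")),
    ("private_key_block", re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----")),
    # KEY=value or key: value where the name contains a credential keyword.
    # The lookahead skips values already replaced by an earlier pattern.
    ("credential_assignment", re.compile(
        r"\b[\w-]*(?:api[_-]?key|secret|password|passwd|token)[\w-]*\s*[:=]\s*"
        r"[\"']?(?!<REDACTED)([^\s\"',;]+)", re.IGNORECASE)),
]


def _redact(match, name):
    """Replace the whole match, or only its capture group when it has one."""
    if match.lastindex:
        keep = match.group(0)[: match.start(1) - match.start(0)]
        return keep + f"<REDACTED:{name}>"
    return f"<REDACTED:{name}>"


def redact_secrets(text):
    """Return (redacted_text, {pattern_name: number_of_hits})."""
    counts = {}
    for name, pattern in SECRET_PATTERNS:
        text, hits = pattern.subn(lambda m, n=name: _redact(m, n), text)
        if hits:
            counts[name] = hits
    return text, counts


def prepare_for_external_model(text, policy="redact"):
    """Gate to call before the `claude` subprocess is spawned.

    policy="redact": send the redacted text and report what was removed.
    policy="block":  refuse to send anything if a secret was found.
    """
    redacted, counts = redact_secrets(text)
    if policy == "block" and counts:
        raise PermissionError(f"refusing to send content containing secrets: {counts}")
    return redacted, counts


# Constructed sample; every credential below is a well-known placeholder/fake.
SAMPLE = """# eval history excerpt (constructed sample)
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
GITHUB_TOKEN="ghp_0123456789abcdef0123456789abcdef0123"
-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBAKfake
-----END RSA PRIVATE KEY-----
db:
  password: hunter2
skill notes: remember to ask the user before packaging.
"""

if __name__ == "__main__":
    text, removed = prepare_for_external_model(SAMPLE)
    print(text)
    print("redacted:", removed)
```

Run it in the same process as the helper, immediately before `subprocess.run([... "claude" ...])`, and log `counts` locally so the user can see what was withheld; regex scanning is a floor, not a guarantee, so `policy="block"` is the right default for repositories the overview calls sensitive.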

Missing User Warnings

Severity: Low
Confidence: 95%
Finding
The script automatically opens a generated HTML report in the user's default browser without explicit confirmation. Even though the path is local and generated by the tool, this creates an unexpected side effect, may leak information through the browser environment, and can be unsafe in headless, shared, or sensitive execution contexts.

Session Persistence

Severity: Medium
Category: Rogue Agent
Content
4. **Launch the viewer** with both qualitative outputs and quantitative data:
   ```bash
   nohup python <skill-creator-path>/eval-viewer/generate_review.py \
     <workspace>/iteration-N \
     --skill-name "my-skill" \
     --benchmark <workspace>/iteration-N/benchmark.json \
   ```
Confidence: 88%
Finding
nohup

VirusTotal

66/66 vendors flagged this skill as clean.
