Find Popular Skills

Security checks across malware telemetry and agentic risk

Overview

This skill is a useful discovery guide, but it needs review because it includes environment-changing install and publish workflows without strong user-confirmation safeguards.

Review before installing. Use it for discovery and recommendations, but require the agent to show the chosen skill, source, and risks before any install or publish command. Avoid passing ClawHub tokens on the command line; prefer safer authenticated sessions or environment-based token handling where supported.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium, 94% confidence
Finding
The top-level description says to use the skill for broad prompts like 'how do I do X' or whenever a user wants to extend capabilities, which can trigger the skill in many ordinary conversations. Because this skill contains install and publish workflows, over-broad activation increases the chance of unsolicited package installation, repository fetching, or other environment-changing actions.

Vague Triggers

Medium, 93% confidence
Finding
The 'When to Use' section includes ambiguous triggers like 'how do I do X' where a skill might exist, without boundaries requiring explicit consent to search external ecosystems or modify the system. In context, this makes unintended activation more dangerous because the skill is designed to discover, install, and publish third-party artifacts from large external ecosystems.

Missing User Warnings

Medium, 96% confidence
Finding
This section provides direct installation and publishing commands that change the user's environment, but it does not require an explicit warning, dry-run, or confirmation step before execution. Since the skill recommends pulling third-party content from skills.sh and ClawHub, a mistaken or automated invocation could install untrusted code or publish content unintentionally.

VirusTotal

64/64 vendors flagged this skill as clean.
