Skill Optimizer

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed assistant for auditing and editing Agent Skill files. Some of its trigger and file-search wording is broad, and users should keep it scoped.

Install this only if you want an agent to audit and propose edits to Agent Skill files. Give it an explicit SKILL.md or skill directory path, review diffs before approving changes, and avoid allowing broad searches of home skill folders or plugin caches unless that is intentional.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (8)

Context-Inappropriate Capability

Medium (94% confidence)

The workflow instructs the agent to search broad filesystem locations including home-directory skill stores and plugin caches when the user has not necessarily provided a concrete path. That can cause unnecessary traversal of unrelated user files and cached content, expanding data exposure beyond what is needed to optimize a single SKILL.md.

Vague Triggers

Medium (90% confidence)

The README advertises trigger phrases such as 'improve my skill', 'review this skill', and 'polish my skill', which are broad enough to overlap with many generic editing or review requests. In an agent routing context, this can cause over-triggering and misselection of the skill, leading the agent to apply skill-optimization behavior when the user intended a more general editing, code review, or unrelated refinement task.

Vague Triggers

Medium (92% confidence)

The README defines the skill's activation scope with broad examples like reviewing, polishing, fixing, or improving any existing skill, which can cause the agent to invoke this skill in situations better handled by other skills or by normal conversation. Over-broad trigger guidance can lead to misrouting, unnecessary file access, and unintended modification proposals across unrelated skill-maintenance tasks.

Missing User Warnings

Low (81% confidence)

The README mentions that the workflow can propose edits and apply them after approval, but it does not prominently warn users that running the skill may modify skill files. In an agentic environment, unclear disclosure about file-modifying behavior increases the risk of surprise changes, especially if approval semantics are ambiguous or implemented inconsistently by the calling agent.

Vague Triggers

Medium (86% confidence)

The catch-all phrase 'any request to update a SKILL.md' is too unspecific and can match tasks outside the intended safety envelope, including broad edits where the user did not ask for audit behavior. In a skill that also instructs file discovery and backup creation, this overreach increases the likelihood of unnecessary access to local files.

Vague Triggers

Medium (86% confidence)

The catch-all phrase 'any request to update a SKILL.md' is too unspecific and can match tasks outside the intended safety envelope, including broad edits where the user did not ask for audit behavior. In a skill that also instructs file discovery and backup creation, this overreach increases the likelihood of unnecessary access to local files.

Vague Triggers

Medium (80% confidence)

Examples like 'review this skill' and 'edit, polish, or refine' are broad enough to capture ordinary content-review requests, especially without counterexamples. This raises accidental activation risk, and because the skill includes file-location and snapshotting steps, accidental activation can lead to unnecessary file enumeration or writes.

Vague Triggers

Medium (93% confidence)

The file explicitly recommends adding a "pushy catch-all" trigger phrase ("even if the user doesn't explicitly mention 'X' or 'Y'"). In an agent skill, this broadens activation beyond clear user intent and can cause the skill to fire on loosely related prompts, increasing the chance of irrelevant instruction loading, scope drift, and unintended behavior. In this skill-optimization context, that guidance is more concerning because it may systematically propagate over-broad triggering patterns into other skills.

VirusTotal

65/65 vendors flagged this skill as clean.