ClawHub

Chat Record Generator

Security checks across malware telemetry and agentic risk

Overview

This skill coherently generates simulated chat-record Excel files, with ordinary local file writes and dependency setup that match its stated purpose.

Install only if you are comfortable letting the agent create local JSON/XLSX files and, if needed, install the xlsx npm package. Prefer specifying an explicit output path in your workspace, check before overwriting existing files, and consider installing a pinned xlsx version in a project-local dependency directory instead of relying on a shared /tmp path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly instructs generating and writing an Excel .xlsx file, which modifies the local filesystem, but it does not tell the user that a file will be created or require confirmation of the output path. In an agent setting, silent file creation can surprise users, overwrite expected locations, or be chained with other actions to stage untrusted artifacts on disk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill recommends shell commands to create directories, change directories, and install the xlsx package with npm, but provides no warning that this alters the local environment and pulls code from an external registry. In an agent context, unannounced dependency installation increases supply-chain and environment-tampering risk, especially when writing into shared temporary paths like /tmp.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal