Skill Dispatcher

Security checks across malware telemetry and agentic risk

Overview

This skill is a broad routing helper, but it also asks the agent to change future behavior, search external registries, and write persistent correction records without tight user control.

Install only if you deliberately want a global skill-routing layer and are prepared to review and constrain its routing table first. Do not let it modify core rules, memory, or external registry workflows automatically; require explicit approval for persistent changes and for any search or installation of third-party skills.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium (90% confidence)
Finding
A routing skill telling the agent to search external skill registries expands its authority beyond local dispatch and can induce unreviewed discovery of third-party content. That creates a supply-chain and prompt-injection risk because external registry content may be malicious or incompatible with the local trust model.

Context-Inappropriate Capability

Medium (95% confidence)
Finding
Instructing the agent to modify workspace files and core operating rules materially changes system behavior and persistence, which is far broader than simple task routing. A helper that can rewrite governance text risks silently altering future agent decisions and weakening higher-priority controls.

Context-Inappropriate Capability

Medium (88% confidence)
Finding
Directing the agent to write correction records to memory or logs introduces persistence and state mutation that are not justified for a routing helper. Persistent writes can leak task history, create unwanted behavioral drift, or be abused to plant durable instructions under the guise of self-correction.

Vague Triggers

High (96% confidence)
Finding
Triggering on 'any non-trivial task' gives the skill extremely broad scope, effectively placing it in front of most agent activity. In security terms, that creates an overbroad interception layer that can reshape behavior, force extra reads/actions, and magnify the impact of any flawed or malicious routing logic.

Vague Triggers

Medium (86% confidence)
Finding
The decision tree is left as TODO placeholders, so the actual trigger boundaries and routing destinations are undefined at runtime or deployment time. Undefined scope increases the chance of misrouting, accidental invocation of unrelated skills, and unsafe operator assumptions about what the dispatcher will do.

VirusTotal

66/66 vendors flagged this skill as clean.
