ClawHub

Agent Notify

Security checks across malware telemetry and agentic risk

Overview

This skill is a local notification setup helper whose file changes and hooks are disclosed and aligned with its purpose, though users should review its broad trigger words and incomplete Windows artifact before installing.

Install this only if you want your agent configuration changed to run local notification hooks. Review the generated settings.json hook entries before accepting, use the uninstall flow if you no longer want the alerts, and do not rely on Windows support unless you separately verify the missing notify-windows.ps1 file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger list includes very generic terms such as 'notify', 'bell', and 'beep', which are likely to appear in ordinary conversation and can cause the skill to activate when the user did not explicitly intend it. In an agent ecosystem, unintended invocation can lead to unnecessary configuration changes, hook installation, or execution of follow-on instructions from the skill, increasing the attack surface and risking surprising behavior.

Vague Triggers

High
Confidence
96% confidence
Finding
The skill description explicitly instructs invocation even for vague phrases like 'I want a sound' or 'how do I get notified', which greatly increases accidental triggering. Because the skill then guides file copying, config modification, and hook installation into agent directories, an unintended activation could cause the assistant to propose or perform sensitive local configuration changes without sufficiently clear user intent.

Vague Triggers

Medium
Confidence
90% confidence
Finding
Several triggers are overly generic, including terms like 'notify', 'bell', 'beep', and broad Chinese equivalents, which are likely to appear in normal conversation unrelated to installing this skill. In this context, broad matching is risky because the skill is not merely informational: it leads into OS detection, filesystem operations, and modification of agent settings, so trigger collisions can escalate into unwanted configuration actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal