Security audit

AANA File Operation Guardrail Skill

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only file-safety checklist with no code execution or hidden data flow. One bundled example payload, however, has an inconsistency in its approval fields that users should treat carefully.

Reasonable to install as a file-operation safety checklist. Before relying on it for automation, treat the bundled example payload as flawed: destructive or bulk file operations should require explicit approval even where a sample boolean says otherwise, and users should confirm the exact target paths before any deletion, overwrite, upload, or publish action.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium, 93% confidence

Finding: The file describes a destructive bulk delete operation while only setting `recommended_action` to `ask`, without encoding a concrete enforcement mechanism that guarantees the dry-run list is shown and explicit approval is collected before deletion. Because `authorization_status` is also `unclear`, an agent could treat the action as sufficiently reviewed and proceed with deleting 18 files based on underspecified policy cues.

Natural-Language Policy Violations

Medium, 97% confidence

Finding: The document explicitly says safeguards include showing a dry-run target list and asking for explicit approval before deletion, yet `human_review_required` is set to `false`. This contradiction creates a realistic policy bypass where an automation system may rely on the boolean flag instead of the natural-language safeguards, enabling unauthorized destructive file deletion within the bounded folder.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.