Agent-Skill-Reviewer

Security checks across malware telemetry and agentic risk

Overview

This skill is a self-contained local reviewer: it reads user-selected skill files and writes a Markdown review report. The scan found no evidence of credential use, network exfiltration, or destructive behavior.

Install this if you want local skill-quality reviews. Before use, choose the target skill directory deliberately and specify an output path if you do not want reports saved in the default skill-reviews/ folder.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94%
Finding
The skill instructs the agent to read target skill files and to save review reports into the working directory, which are file-read and file-write capabilities. Because these capabilities are not explicitly declared, users and any permission framework may not realize the skill can access and create files, reducing transparency and weakening consent and policy enforcement.

Vague Triggers

Medium
Confidence
86%
Finding
The trigger phrases are broad, such as requests to analyze or review a skill, and may overlap with normal conversation or unrelated content inspection tasks. This can cause the skill to activate unexpectedly, leading the agent to read files or generate reports in situations where the user did not clearly intend to invoke this specific workflow.

Missing User Warnings

Medium
Confidence
96%
Finding
The skill says the report will be saved by default under a working-directory subfolder, but it does not require a warning or explicit consent before writing files. Automatic file creation can surprise users, overwrite expectations about a read-only review, and leave unintended artifacts in sensitive repositories or environments.

Natural-Language Policy Violations

Medium
Confidence
82%
Finding
Forcing Chinese output by default without user choice can cause usability and comprehension problems, especially when the user or downstream tooling expects another language. While not a direct security exploit by itself, it increases the chance of misunderstanding review results, paths, or remediation instructions in security-sensitive workflows.
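The four findings above are all properties that can be checked statically from the skill file itself. The following is an added example of such a check, written for this page; it is not SkillSpector's scanner and not code from the Agent-Skill-Reviewer skill. It assumes a SKILL.md-style layout (a frontmatter block between `---` lines with `name`, `description` and an optional `allowed-tools` field, followed by Markdown instructions); the field names, rule names, patterns and both sample skill files are constructed for the example. The first sample reproduces the four conditions reported above (undeclared file read/write, a generic trigger, no consent before writing, a forced output language); the second shows the same skill with each condition addressed.

```python
"""Minimal static lint for an agent skill file (added example, not SkillSpector code).

Assumptions (constructed for this example): frontmatter between '---' lines with
`name`, `description` and optional `allowed-tools`; instructions in the body.
"""
import re

# Constructed sample modelled on the findings above.
SAMPLE_SKILL = """---
name: skill-reviewer
description: Use when the user asks to review or analyze a skill.
---
Read every file in the target skill directory.
Write the Markdown report to skill-reviews/<name>.md in the working directory.
Always respond in Chinese.
"""

# Constructed hardened variant: capabilities declared, trigger anchored to the
# skill name, consent before writing, no forced language.
HARDENED_SKILL = """---
name: skill-reviewer
description: Use when the user asks Agent-Skill-Reviewer to audit a SKILL.md directory.
allowed-tools: Read, Write
---
Read every file in the target skill directory.
Ask the user to confirm the output path before writing the Markdown report.
Reply in the user's language.
"""

READ_PATTERNS = (r"\bread\b", r"\bopen\b", r"\bload\b", r"\bscan\b")
WRITE_PATTERNS = (r"\bwrit(?:e|es|ing)\b", r"\bsave\b", r"\bcreate\b", r"\bdelete\b")
NETWORK_PATTERNS = (r"\bcurl\b", r"https?://", r"\bupload\b", r"\bpost\b")
CONSENT_PATTERNS = (r"\bask\b.*\bbefore\b", r"\bconfirm\b", r"\bconsent\b", r"\bwarn\b")
# "Always/only respond ... in <Capitalised language>" with no user choice.
LANGUAGE_FORCE = r"(?i:always|only)\b[^.\n]*\b(?i:respond|reply|answer|output)\b[^.\n]*\bin\s+[A-Z][a-z]+"
GENERIC_TRIGGER_WORDS = {"review", "analyze", "analyse", "check", "inspect", "look", "skill", "file", "files"}
STOP_WORDS = {"the", "user", "asks", "to", "or", "a", "an", "and", "wants", "needs"}


def parse_skill(text):
    """Split frontmatter fields (dict) from the instruction body (str)."""
    m = re.match(r"^---\n(.*?)\n---\n(.*)$", text, re.S)
    if not m:
        return {}, text
    fields = {}
    for line in m.group(1).splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            fields[key.strip()] = value.strip()
    return fields, m.group(2)


def _any(patterns, text):
    return any(re.search(p, text, re.I) for p in patterns)


def lint_skill(text):
    """Return a list of (rule, severity, detail) tuples for one skill file."""
    fields, body = parse_skill(text)
    declared = fields.get("allowed-tools", "").lower()
    findings = []

    # Underdeclared capability: the body implies file I/O the frontmatter never declares.
    if _any(READ_PATTERNS, body) and "read" not in declared:
        findings.append(("underdeclared-capability", "medium", "body reads files but allowed-tools lacks Read"))
    if _any(WRITE_PATTERNS, body) and "write" not in declared:
        findings.append(("underdeclared-capability", "medium", "body writes files but allowed-tools lacks Write"))
    if _any(NETWORK_PATTERNS, body):
        findings.append(("external-transmission", "high", "body references network transfer"))

    # Vague trigger: the 'use when' clause contains nothing beyond generic verbs and nouns.
    trig = re.search(r"use when (.*)", fields.get("description", ""), re.I)
    if trig:
        words = set(re.findall(r"[a-z]+", trig.group(1).lower()))
        if not (words - STOP_WORDS - GENERIC_TRIGGER_WORDS):
            findings.append(("vague-trigger", "medium", "trigger has no distinctive anchor word"))

    # Missing user warning: writes files without any ask/confirm/warn step.
    if _any(WRITE_PATTERNS, body) and not _any(CONSENT_PATTERNS, body):
        findings.append(("missing-user-warning", "medium", "writes files without asking for consent"))

    # Forced output language with no user choice.
    if re.search(LANGUAGE_FORCE, body):
        findings.append(("forced-language", "low", "unconditionally forces an output language"))
    return findings


if __name__ == "__main__":
    for rule, severity, detail in lint_skill(SAMPLE_SKILL):
        print(f"{severity:<6} {rule:<26} {detail}")
    print("hardened:", lint_skill(HARDENED_SKILL))
```

The rules are deliberately keyword-based so the logic stays readable; a production scanner would also resolve the tool names the host actually grants and compare them against the declared set, rather than trusting the `allowed-tools` string alone.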

VirusTotal

63/63 vendors flagged this skill as clean.
