Security audit

Skill Lifecycle

Security checks across malware telemetry and agentic risk

Overview

This is a developer release-automation skill that can change skill files, create Git commits, and optionally publish, but those actions fit its stated lifecycle-management purpose.

Use this like a release tool: run it only inside repositories you intend to modify, check Git status before dev or batch flows, use dry-run/check modes before publishing, and confirm the active ClawHub account because publishing relies on the local CLI session.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 89%
Finding: The skill advertises and documents shell execution, file reads, and file writes, but does not declare corresponding permissions. This creates a trust and policy gap: users or enforcement systems cannot accurately assess what the skill can do before invoking it, which is especially risky for a lifecycle tool that performs Git operations, scanning, and publishing, and writes metadata.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 84%
Finding: The documented purpose does not fully match the observed capabilities: the skill appears able to batch-process multiple skills, initialize and modify configuration, perform direct Git commits, and write publish metadata, while omitting a claimed optional capability. Behavior mismatches are dangerous because they can conceal impactful side effects, such as mass changes, repository mutations, or metadata persistence, that a user did not knowingly authorize.

VirusTotal

61/61 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.