improve-skill-with-best-practices

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent website analytics and SEO audit helper, but users should protect analytics credentials and exported audience data.

Install only for sites and analytics properties you are authorized to analyze. Use least-privilege service accounts, keep .skills-data private, do not commit .env or JSON keys, rotate any exposed keys, and avoid persona reports or screenshots that could identify small groups or expose private user/admin data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The manifest frames the skill as goal-driven GA4/GSC improvement analysis, but the workflow expands into Bing Webmaster collection, GEO/AI-readiness checks, security-header inspection, technical SEO crawling, and broader reporting utilities. This mismatch can cause users or orchestrators to grant access and run the skill under narrower assumptions than its real behavior, increasing the risk of over-collection, unexpected scanning, or execution of broader audits against live sites and source trees.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The persona-analysis section extends the skill from website diagnostics into demographic and behavioral profiling, including clustering users into segments and constructing persona cards. That is materially broader than the stated analytics/search-improvement purpose and can lead to collection and processing of sensitive audience attributes without clear upfront scope boundaries or user consent expectations.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The invocation text is very broad—covering website problems, rankings, traffic, analytics, audits, and roadmaps—so the skill may be selected for many loosely related requests. Over-broad matching increases the chance that a high-capability skill is invoked in contexts where a narrower, safer tool would suffice, which can expose more data or trigger more actions than the user intended.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs users to store `.env` values and service-account JSON keys under runtime storage, including auto-loading configuration and key discovery, but it does not warn about credential sensitivity, least privilege, file permissions, or secret handling. This raises the chance of accidental exposure through logs, backups, report artifacts, or overly permissive workspace access.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The instructions tell users to place a downloaded Google service-account JSON key in the working data directory and rely on automatic discovery, but they provide no warning about the sensitivity of that credential or safeguards for storage, permissions, rotation, and exclusion from source control. If the workspace is shared, synced, logged, or later archived, the key could be exposed and used to access GSC/GA4 data as the service account.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The guidance directs collection and synthesis of potentially sensitive behavioral, demographic, acquisition, query, and observational data, including inferred intent and goals, without requiring consent checks, data minimization, anonymization, or lawful-basis/privacy review. In a skill specifically designed to analyze live site behavior and build personas, omission of privacy safeguards materially increases the chance of over-collection, inappropriate profiling, or use of data from tools that may not be properly disclosed to users.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Recommending heatmaps and session recordings without any warning or guardrails is risky because these tools can capture highly sensitive user behavior, form inputs, credentials, or other personal data if misconfigured. In this skill's context, where live-site observation is part of the methodology, the lack of instructions for masking, consent, and vendor/privacy review makes privacy-invasive deployment more likely.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The reference instructs the agent to capture full-page screenshots and extract metadata including forms, links, and page text-derived signals without any safeguards for authenticated sessions, internal sites, or pages containing personal or sensitive business information. In a skill designed for website analysis, this broad collection can unintentionally harvest sensitive data from account areas, admin pages, customer information shown in the UI, or hidden form endpoints, creating unnecessary privacy and data-handling risk.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The script accepts an arbitrary output path from the command line and opens it for writing without any overwrite confirmation, path restriction, or safety checks. In an agent or automation context, this can clobber local files if a user or upstream component supplies a sensitive path, causing data loss or unintended modification of workspace files.

VirusTotal

67/67 vendors flagged this skill as clean.