ctf-solver

Security checks across malware telemetry and agentic risk

Overview

This CTF helper is mostly a text playbook, but its overview explicitly extends use beyond authorized CTF targets and instructs the agent to treat unknown binaries, services, and exploit snippets as trusted input.

Review this skill before installing. Its CTF workflows are useful for authorized labs, but the current wording should be changed to require explicit authorization and to treat unknown binaries, services, and exploit snippets as untrusted, ideally with sandboxing and least-privilege handling.
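The two fixes recommended above (an explicit authorization gate, and least-privilege handling of unknown artifacts) are easy to demonstrate in code. The block below is an added example written for this review; it is not code from the ctf-solver skill or from SkillSpector, and the names `in_scope`, `run_untrusted`, `run_against`, `ScopeError` and the sample scope list are hypothetical. It shows a scope check that refuses any target not covered by an explicit allowlist, and a runner that launches an untrusted binary with an empty environment (so operator tokens and API keys are never inherited), a fresh scratch directory as cwd and HOME, rlimits on memory, output size and CPU, no core dumps, stdin from /dev/null, and a wall-clock timeout that kills the whole process group. It assumes a POSIX host with `sh` on the PATH.

```python
"""Added example for this review: authorization gate + least-privilege runner
for untrusted CTF artifacts. Hypothetical helper names; not the skill's code."""
from __future__ import annotations

import ipaddress
import os
import resource
import signal
import subprocess
import tempfile
from dataclasses import dataclass
from typing import List, Optional


class ScopeError(Exception):
    """Raised when a target is outside the explicitly authorized scope."""


def in_scope(target: str, scope: List[str]) -> bool:
    """True only if target (IP or hostname) matches an explicit scope entry.

    Entries may be CIDR blocks ("10.13.37.0/24"), single IPs, exact hostnames,
    or wildcard suffixes ("*.ctf.example"). Anything not listed is out of scope.
    """
    target = target.strip().lower()
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None  # target is a hostname
    for entry in scope:
        entry = entry.strip().lower()
        if ip is not None:
            try:
                if ip in ipaddress.ip_network(entry, strict=False):
                    return True
            except ValueError:
                pass  # hostname pattern cannot match a bare IP
            continue
        if entry.startswith("*."):
            if target.endswith(entry[1:]):  # "*.ctf.example" -> ".ctf.example"
                return True
        elif target == entry:
            return True
    return False


@dataclass
class RunResult:
    returncode: Optional[int]  # None when the run was killed on timeout
    stdout: bytes
    stderr: bytes
    timed_out: bool


def run_untrusted(argv: List[str], timeout: float = 10.0,
                  max_mem: int = 512 * 1024 * 1024,
                  max_file: int = 16 * 1024 * 1024) -> RunResult:
    """Run an unknown binary or exploit snippet with reduced privileges.

    Least privilege inside the current user, not a full sandbox: pair it with
    a container, VM, or unshare/bwrap when network isolation is also needed.
    """
    scratch = tempfile.mkdtemp(prefix="untrusted-")
    # Fresh environment: nothing from the operator's shell (tokens, SSH_AUTH_SOCK,
    # cloud credentials) is visible to the child.
    env = {"PATH": "/usr/bin:/bin", "HOME": scratch, "TMPDIR": scratch, "LANG": "C"}

    def set_limits() -> None:  # runs in the child after fork, before exec
        resource.setrlimit(resource.RLIMIT_AS, (max_mem, max_mem))
        resource.setrlimit(resource.RLIMIT_FSIZE, (max_file, max_file))
        resource.setrlimit(resource.RLIMIT_CORE, (0, 0))
        cpu = int(timeout) + 1
        resource.setrlimit(resource.RLIMIT_CPU, (cpu, cpu))

    proc = subprocess.Popen(
        argv, cwd=scratch, env=env, stdin=subprocess.DEVNULL,
        stdout=subprocess.PIPE, stderr=subprocess.PIPE,
        preexec_fn=set_limits, start_new_session=True,  # own process group
    )
    try:
        out, err = proc.communicate(timeout=timeout)
    except subprocess.TimeoutExpired:
        os.killpg(proc.pid, signal.SIGKILL)  # kill the whole tree, not just the parent
        out, err = proc.communicate()
        return RunResult(None, out, err, True)
    return RunResult(proc.returncode, out, err, False)


def run_against(target: str, scope: List[str], argv: List[str], **kw) -> RunResult:
    """Refuse to launch anything unless the target is explicitly authorized."""
    if not in_scope(target, scope):
        raise ScopeError(f"{target!r} is not in the authorized scope {scope}")
    return run_untrusted(argv, **kw)


if __name__ == "__main__":
    SCOPE = ["10.13.37.0/24", "*.ctf.example"]  # constructed sample engagement scope
    print(run_against("10.13.37.5", SCOPE, ["sh", "-c", 'echo "HOME=$HOME PATH=$PATH"']))
```

The gate fails closed: a target is in scope only when a listed entry matches it, so a missing or empty scope list refuses everything. The runner still shares the network namespace and the user's file permissions with the operator, which is why the docstring points at containers or `unshare`/`bwrap` for the remaining isolation.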

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Severity: High
Confidence: 99%
Finding
The overview explicitly says to work 'not only on authorized CTF targets' and to treat unknown binaries, services, and exploit snippets as trusted input. This directly undermines safety boundaries by encouraging analysis or exploitation outside authorized environments and by reducing caution around untrusted artifacts, which can enable misuse or unsafe handling.

Natural-Language Policy Violations

Severity: High
Confidence: 100%
Finding
The sentence instructing operation beyond authorized targets is a direct policy violation and meaningfully increases the chance the skill will be used against real third-party systems. The additional instruction to trust unknown inputs compounds risk by normalizing unsafe execution and analysis practices around potentially malicious content.

Ssd 4

Severity: Medium
Confidence: 94%
Finding
Within a CTF-oriented skill, framing unknown binaries, services, and public exploit snippets as trustworthy subtly lowers operator caution and normalizes risky exploitation behavior. Even though the context is challenge solving, this wording can transfer to real-world targets and malicious samples, increasing the chance of unsafe execution or misuse.

VirusTotal

1/55 vendors flagged this skill as malicious, and 54/55 flagged it as clean.