Skill Factory

Security checks across malware telemetry and agentic risk

Overview

This is a coherent skill-building workflow, but users should be careful with optional external AI calls, API keys, and full-auto iteration.

Install only if you are comfortable with a meta-skill that can draft and revise other skills. Use trusted AI endpoints, keep API keys private, avoid sending secrets or confidential workspace content in test prompts, set a conservative full-auto iteration limit, and review generated skills before deploying them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The guide includes direct invocation of third-party network APIs, expanding the skill from local planning into external data transmission and remote model orchestration. This is dangerous because user prompts, system prompts, and possibly sensitive workspace content may be sent off-platform without clear capability scoping, approval boundaries, or trust restrictions.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger phrases are broad enough to activate on common requests like creating or improving something, which can cause the meta-skill to take over interactions unexpectedly. In this context, the skill can generate or modify other skills and potentially initiate downstream external-AI workflows, so accidental invocation increases the chance of unintended autonomous behavior.

Vague Triggers

Low
Confidence: 79%
Finding
The appendix template encourages future skills to use generic placeholder trigger phrases without instructing authors to make them specific and non-overlapping. Because this is a factory for producing more skills, the ambiguity can propagate into newly generated skills and create a wider ecosystem of misfiring or overreaching triggers.
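
A check a skill author can run over generated manifests before publishing, covering both trigger findings above (broad phrases that fire on everyday requests, and placeholder phrases propagated from a template). This is an added example, not SkillSpector's code or part of the Skill Factory skill; the manifest layout (a dict of skill name to trigger phrases), the list of "generic" verbs and the sample skills are all constructed assumptions.

```python
import re

# Constructed word list (an assumption): verbs so common in ordinary requests
# that a trigger built only from them fires on almost anything.
GENERIC_TRIGGER_WORDS = {
    "create", "make", "build", "improve", "fix", "update", "help",
    "write", "generate", "change", "new", "edit", "do",
}

# Template placeholders that should never survive into a shipped skill.
PLACEHOLDER = re.compile(r"<[^>]+>|\[[^\]]+\]|\b(?:TODO|TBD|PLACEHOLDER)\b", re.I)


def tokens(phrase):
    return tuple(re.findall(r"[a-z0-9]+", phrase.lower()))


def is_placeholder(phrase):
    return PLACEHOLDER.search(phrase) is not None


def is_generic(phrase, min_tokens=2):
    """A trigger is generic if it is a single word or built only from everyday
    verbs, so it cannot distinguish this skill's requests from any other."""
    toks = tokens(phrase)
    return len(toks) < min_tokens or set(toks) <= GENERIC_TRIGGER_WORDS


def lint_triggers(skills):
    """skills: {skill_name: [trigger phrase, ...]} (assumed manifest shape).

    Returns issue tuples: ("placeholder", skill, phrase), ("generic", skill, phrase),
    or ("overlap", skill_a, phrase_a, skill_b, phrase_b) when every word of one
    trigger also appears in another skill's trigger, so any request that matches
    the longer phrase also matches the shorter one.
    """
    issues = []
    for skill, phrases in skills.items():
        for phrase in phrases:
            if is_placeholder(phrase):
                issues.append(("placeholder", skill, phrase))
            elif is_generic(phrase):
                issues.append(("generic", skill, phrase))
    flat = [(skill, phrase, set(tokens(phrase)))
            for skill, phrases in skills.items() for phrase in phrases]
    for i, (skill_a, phrase_a, words_a) in enumerate(flat):
        for skill_b, phrase_b, words_b in flat[i + 1:]:
            if skill_a == skill_b or not words_a or not words_b:
                continue
            if words_a <= words_b or words_b <= words_a:
                issues.append(("overlap", skill_a, phrase_a, skill_b, phrase_b))
    return issues


# Constructed sample manifests: one skill carrying the problems the finding describes.
SAMPLE_SKILLS = {
    "skill-factory": ["create a skill", "improve", "<trigger phrase>"],
    "release-notes": ["write release notes", "create a skill for release notes"],
}

if __name__ == "__main__":
    for issue in lint_triggers(SAMPLE_SKILLS):
        print(issue)
```

Run against the sample, the linter reports the bare verb "improve" as generic, the unfilled "<trigger phrase>" as a placeholder, and "create a skill" as overlapping with the other skill's "create a skill for release notes". Wiring it into the factory's own review step is one way to stop the ambiguity from propagating into every skill it produces.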

Missing User Warnings

Medium
Confidence: 92%
Finding
The description does not warn users that full-auto mode may repeatedly call external APIs and autonomously generate or modify skill content. That omission undermines informed consent and can expose users to unexpected data disclosure, cost, and unattended changes, especially because the skill explicitly supports fully automatic iterative loops.

Missing User Warnings

Medium
Confidence: 95%
Finding
The testing step instructs the system to perform real external API calls using real inputs but provides no privacy, confidentiality, or data-sharing warning. In a skill-generation context, test inputs may contain proprietary prompts, credentials, business logic, or user data, so sending them to third-party models without disclosure or consent creates a meaningful leakage risk.

Missing User Warnings

Medium
Confidence: 97%
Finding
The file instructs sending prompts to third-party AI services but provides no privacy notice, consent flow, or data-sharing constraints. This can lead to unauthorized disclosure of user inputs, confidential project data, or embedded secrets to external providers, especially in an agent skill that may process arbitrary task context.
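
The three "Missing User Warnings" findings and the overview's advice (keep keys out of test prompts, cap full-auto iteration) come down to two controls a user can put in front of the external call themselves. Below is an added example of such a gate, not code from the Skill Factory skill or from SkillSpector: it scans every outbound prompt for secret-shaped text, refuses or redacts, enforces a hard call budget on the full-auto loop, and keeps a log of what was sent. The credential regexes, the `send` callback interface and the fake model used in the demo are constructed assumptions.

```python
import re

# Constructed credential patterns: an assumption that approximates common key
# shapes well enough for a pre-flight check. Tune them for your own environment.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "sk_style_api_key": re.compile(r"\bsk-[A-Za-z0-9_-]{20,}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "pem_private_key": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    "env_secret_assignment": re.compile(
        r"(?im)^\s*(?:export\s+)?[A-Z][A-Z0-9_]*(?:KEY|TOKEN|SECRET|PASSWORD)\s*=\s*\S+"
    ),
}


class SecretInPrompt(ValueError):
    """Raised when a prompt bound for an external model contains secret-shaped text."""


class IterationBudgetExceeded(RuntimeError):
    """Raised when the full-auto loop tries to exceed its hard call budget."""


def scan_prompt(text):
    """Return (pattern_name, matched_text) for every secret-shaped token in text."""
    return [(name, m.group(0))
            for name, pattern in SECRET_PATTERNS.items()
            for m in pattern.finditer(text)]


def redact(text):
    """Replace every secret-shaped token with a labelled placeholder."""
    for name, pattern in SECRET_PATTERNS.items():
        text = pattern.sub(f"[REDACTED:{name}]", text)
    return text


class ExternalCallGate:
    """Wrap the function that sends a prompt to a third-party model.

    Each call is scanned for secrets and counted against a hard budget, so a
    full-auto loop can neither leak credentials nor run unbounded. The log
    gives the user a record of what went off-platform.
    """

    def __init__(self, send, max_calls=3, redact_instead_of_block=False):
        self._send = send
        self.max_calls = max_calls
        self.redact_instead_of_block = redact_instead_of_block
        self.calls_made = 0
        self.log = []  # (outcome, detail) tuples for post-hoc review

    def __call__(self, prompt):
        if self.calls_made >= self.max_calls:
            self.log.append(("blocked", "iteration budget exhausted"))
            raise IterationBudgetExceeded(f"budget of {self.max_calls} calls used")
        found = sorted({name for name, _ in scan_prompt(prompt)})
        if found and not self.redact_instead_of_block:
            self.log.append(("blocked", found))
            raise SecretInPrompt(f"refusing to send prompt containing: {found}")
        if found:
            prompt = redact(prompt)
            self.log.append(("redacted", found))
        self.calls_made += 1
        self.log.append(("sent", len(prompt)))
        return self._send(prompt)


def full_auto_iterate(gate, draft, improve, accept):
    """Revise draft through the gated model until accept(draft) is true or the
    budget runs out. Returns (final_draft, iterations_used)."""
    current, used = draft, 0
    while not accept(current):
        try:
            response = gate(f"Improve this skill draft:\n{current}")
        except IterationBudgetExceeded:
            break
        current = improve(current, response)
        used += 1
    return current, used


def demo_budget_stops_runaway_loop():
    """Constructed stand-in for the external model; accept() never returns True,
    so only the gate's budget ends the loop. Returns the iteration count."""
    fake_send = lambda prompt: f"revised ({len(prompt)} chars)"
    gate = ExternalCallGate(fake_send, max_calls=3)
    _, used = full_auto_iterate(gate, "draft v0",
                                improve=lambda d, r: d + " | " + r,
                                accept=lambda d: False)
    return used


if __name__ == "__main__":
    print("iterations before budget stop:", demo_budget_stops_runaway_loop())
    print(scan_prompt("export DB_PASSWORD=hunter2"))
```

Blocking is the safer default; redaction is useful when the test input legitimately contains an env-file excerpt whose values are not needed by the model. Neither replaces the consent and privacy notice the findings call for, but a gate like this is what makes a "conservative iteration limit" enforceable rather than advisory.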

VirusTotal

65/65 vendors flagged this skill as clean.
