coding-prompt

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only coding prompt coach with bounded, disclosed behavior and no hidden code, network access, credentials, or destructive actions.

Use this when you want help improving coding prompts. Review any proposed learnings before approving the update-skill flow, and avoid saving secrets, proprietary project details, or personal data into learnings.md.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The skill declares `references/learnings.md` as APPEND-ONLY, but later instructs the agent to update existing entries, revise the full file, and change header metadata. That contradiction weakens the safety boundary around self-modification and can be exploited to justify broader rewrites of accumulated guidance instead of strictly adding audited new content.

Vague Triggers

Medium
Confidence: 88%
Finding
The top-level description allows activation during broadly defined coding situations such as vague instructions, missing constraints, or general prompt-engineering opportunities. This can cause the skill to activate without clear user intent and inject behavior into many ordinary development interactions, increasing the chance of unwanted file reads, prompt rewriting, or evolution actions.

Vague Triggers

Medium
Confidence: 85%
Finding
The activation aliases listed near the top are short, generic phrases that may appear in routine conversation and can accidentally trigger the skill. In a system that grants skills operational behaviors, ambiguous activation expands the attack surface by making it easier for unrelated text or indirect prompts to invoke the skill.

Vague Triggers

Medium
Confidence: 90%
Finding
The explicit trigger list includes phrases like 'improve my prompt', 'check my prompt', and similar generic language without enough scoping to coding-only use. Because these phrases overlap with normal user requests, they can cause unintended activation and broaden the skill's influence beyond the user's actual intent.

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger phrase "更新技能" ("update skill") is generic and could plausibly appear in normal user or developer conversation, causing the skill to activate unintentionally. Even though this file is only a learnings reference document, broad activation conditions can lead to accidental execution paths, unexpected state changes, or unwanted persistence of conversation-derived content.

VirusTotal

63 of 63 vendors reported this skill as clean.