Samvida

Security checks across malware telemetry and agentic risk

Overview

Samvida appears to be a legitimate llms.txt generator, but it needs review because it can run user-influenced shell commands and optionally make live Cloudflare/Webflow changes using powerful tokens.

Install only if you are comfortable with a skill that crawls websites and can deploy to live hosting providers. Crawl only sites you own or are authorized to scan, review the generated llms.txt before publishing, use short-lived least-privilege Cloudflare/Webflow tokens, avoid pasting secrets into ordinary chat or logs, and revoke tokens after deployment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Description-Behavior Mismatch

Severity: High. Confidence: 96%.
The documented workflow expands from drafting a text file into modifying live infrastructure on Cloudflare and Webflow. This is a sensitive scope jump because it turns a content-generation task into a privileged operational task that can alter production site behavior and replace existing files.

Context-Inappropriate Capability

Severity: High. Confidence: 98%.
The skill asks users to paste high-privilege Cloudflare and Webflow credentials into the interaction flow, despite its primary advertised function being file generation. Collecting broad API tokens in chat materially increases the risk of credential exposure, misuse, or unintended publication changes.

Description-Behavior Mismatch

Severity: Medium. Confidence: 97%.
The skill metadata says it generates an llms.txt for a business website, but this script also performs authenticated deployment and remote site modification via Cloudflare and Webflow. That scope expansion is security-relevant because an agent invoked for content generation could be induced to make live infrastructure changes using supplied tokens, violating least privilege and user expectations.

Context-Inappropriate Capability

Severity: Medium. Confidence: 96%.
This code can upload assets, create or modify redirects, and publish sites live through Webflow, which goes beyond a generation-focused description. In an agent setting, hidden publishing capability increases the risk of unauthorized website changes, defacement, traffic redirection, or persistence if a user or another tool supplies valid credentials.

Vague Triggers

Severity: Medium. Confidence: 84%.
The trigger phrases are broad enough that ordinary user requests like 'make my site agent-readable' or 'create an llms.txt' could invoke the skill unintentionally. Because this skill performs crawling and can progress toward deployment, accidental activation increases the chance of unintended network access, data collection, or follow-on actions in the wrong context.

Missing User Warnings

Severity: Medium. Confidence: 92%.
The README describes a workflow that includes website crawling, collecting Cloudflare API credentials, and deploying to production, but it does not present explicit safety boundaries, consent requirements, or warnings about sensitive credential handling. In an agent setting, that omission is dangerous because users may be led into granting high-privilege tokens or authorizing deployment without understanding the risks, and the skill appears capable of performing impactful external actions.

Missing User Warnings

Severity: Medium. Confidence: 95%.
The Cloudflare deployment instructions solicit sensitive credentials without a clear warning about the risks of sharing secrets in chat or guidance on secure handling. Users may disclose reusable production credentials in an unsafe channel, leading to account compromise or unauthorized site changes if the conversation is exposed.

Missing User Warnings

Severity: Medium. Confidence: 95%.
The Webflow token request similarly asks for a privileged API token with write and publish scopes and gives no explicit safety warning. That increases the chance of users exposing credentials capable of modifying site assets, redirects, and published content.

Missing User Warnings

Severity: Low. Confidence: 91%.
The document tells users how to obtain and use a powerful Cloudflare API token and modify live Worker routes, but it does not warn that the token is sensitive or that route changes affect production traffic. In an agentic workflow, users may paste these credentials into chat or run deployment steps without understanding the operational risk, increasing the chance of credential leakage or unintended disruption to /llms.txt serving.

Missing User Warnings

Severity: Medium. Confidence: 96%.
The Webflow instructions require a sensitive Site API token and include a publish action that pushes changes live, but they do not clearly warn about either risk. In this skill's context, an agent may automate these steps end-to-end, so missing warnings materially increases the chance of secret exposure and accidental publication of unintended redirect changes to a production site.

VirusTotal

66/66 vendors flagged this skill as clean.