Autoresearch Skill Optimizer

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed skill optimizer, but it can reuse prior session history and repeatedly run or edit other skills without firm user gating.

Install only if you are comfortable with an agent testing and editing other skills. Provide sanitized test cases yourself, do not allow memory or session history to be used as test input, run target skills in dry-run or sandboxed mode, and manually review diffs before replacing any real SKILL.md or using the optimized skill at scale.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 86%
Finding
The trigger guidance is ambiguous because it mixes several related but distinct actions—optimize, improve, autoresearch, audit, and pre-scale checks—without clear constraints on prerequisites, targets, or user confirmation. In a skill-routing environment, that ambiguity can lead to overbroad invocation of a process that runs repeated tests and proposes or applies changes, increasing the risk of unintended side effects and wasted resources.

Vague Triggers

Medium
Confidence: 86%
Finding
The trigger guidance is ambiguous because it mixes several related but distinct actions—optimize, improve, autoresearch, audit, and pre-scale checks—without clear constraints on prerequisites, targets, or user confirmation. In a skill-routing environment, that ambiguity can lead to overbroad invocation of a process that runs repeated tests and proposes or applies changes, increasing the risk of unintended side effects and wasted resources.

VirusTotal

66/66 vendors flagged this skill as clean.