Apollo Endo

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended to manage global agent parameters, but it can persist and propagate behavior changes with broad triggers and unclear user control.

Review before installing. Only use this if you want a skill that can change persistent agent-wide parameters, and prefer installing it only after it adds explicit confirmation, scoped parameters, rollback instructions, and clear limits on which skills receive propagated state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence: 95%
Finding
The read_when conditions use very common concepts such as parameters, settings, preferences, and mode changes, which are likely to appear in ordinary conversation. This can cause the skill to activate unexpectedly and influence global behavior when the user did not intend to invoke it, increasing the chance of unwanted configuration changes.

Vague Triggers

Medium
Confidence: 96%
Finding
The manifest trigger list contains generic words like 参数, 偏好, 设置, 调整, and 系统状态, which overlap heavily with normal user requests. Because this skill is designed to affect global parameters, accidental triggering is more dangerous than for a purely informational skill, as it may alter defaults across other skills or tasks.

Missing User Warnings

Medium
Confidence: 93%
Finding
The workflow explicitly says to write a parameter state file and notify other skills that new parameters are in effect, but it does not require user consent, scope limitation, rollback, or validation of downstream effects. In a skill that manages global behavior, silent persistence and propagation can create cross-skill state corruption, unexpected automation, or policy drift that persists beyond the original request.

VirusTotal

65/65 vendors flagged this skill as clean.
