Back to skill

Security audit

Clawdbot Documentation Expert

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Clawdbot documentation helper with no evidence of hidden data access, persistence, or unsafe system changes.

This appears safe to install for Clawdbot documentation help. Users should still review future updates, keep real provider tokens out of chat, and redirect the agent if the skill activates during general Clawdbot discussion rather than a documentation request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill is framed as a general Clawdbot documentation expert and can activate whenever Clawdbot is mentioned, without clear boundaries on when it should or should not take over. Overly broad activation increases the chance of unintended routing, causing the agent to prioritize this skill in unrelated or mixed-context conversations and potentially follow its workflow or tooling inappropriately.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The invocation phrase 'When a user asks about Clawdbot' is ambiguous because it does not distinguish documentation lookup from any other Clawdbot-related discussion. This broad scope can make the skill trigger in contexts where it is not appropriate, increasing the risk of misrouting, irrelevant instructions, and accidental tool/script suggestions in conversations that only incidentally mention Clawdbot.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.