download-guard

Security checks across malware telemetry and agentic risk

Overview

Download Guard is a coherent Windows download-management skill, but its cache-migration and auto-fix commands can make persistent local tool-configuration changes.

Install this only if you want the agent to intercept download/install workflows and manage download paths on Windows. Review DOWNLOAD_ROOT and log retention before first use, and treat "migrate cache" or "fix warnings" as system-maintenance commands because they may change package-manager configuration or user environment variables.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
Confidence: 81%
Finding
The README frames the skill as a narrowly scoped download guard, but also advertises broader actions like cache migration and automatic fixes. That mismatch can cause users or host agents to grant the skill more trust and broader invocation than warranted, increasing the chance of unintended filesystem or environment changes outside simple download-path protection.

Vague Triggers

Medium
Confidence: 93%
Finding
The listed trigger phrases are common conversational commands such as '磁盘空间' ("disk space"), '缓存在哪' ("where is the cache"), and '刚才下的在哪' ("where is the file I just downloaded"), with no clear scoping, confirmation, or exclusion boundaries. In an agent environment, this can cause unintended auto-activation during ordinary discussion, potentially exposing local path information, altering download behavior, or initiating sensitive filesystem-related actions when the user did not explicitly intend to invoke the skill.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger phrase '帮我修复' / 'fix warnings' is broad and likely to collide with ordinary conversational requests unrelated to this skill. In an agent environment, such overbroad activation can unexpectedly invoke filesystem-changing behavior, especially because the skill also advertises automatic fixes and cache migration.

Missing User Warnings

Medium
Confidence: 88%
Finding
The README promises automatic cache migration and cleanup without clearly warning that these actions can move files, alter tool cache locations, affect PATH/configuration, or delete archived logs. In a system-management skill, undocumented state-changing behavior is dangerous because users may trigger it without understanding the persistence and recovery implications.

Missing User Warnings

Medium
Confidence: 91%
Finding
The '帮我修复' / 'fix warnings' command authorizes broad automatic changes to caches, PATH-related settings, and configuration without requiring an explicit preview or confirmation of the concrete system modifications. In an agent context, that can lead to unintended persistent system changes, broken toolchains, or redirection of installs/downloads with little user awareness.

Missing User Warnings

Medium
Confidence: 92%
Finding
The configuration explicitly states that the agent reads and writes this file directly and that cleanup actions occur automatically, but it does not clearly require explicit user confirmation before modifying configuration or deleting archived logs. In a security-sensitive agent skill, silent state changes and retention-based deletion can cause loss of auditability, surprise configuration drift, or unintended destructive behavior if the file is edited incorrectly or the agent misinterprets settings.

VirusTotal

51/51 vendors flagged this skill as clean.