ClawHub

along-plan

Security checks across malware telemetry and agentic risk

Overview

This is a planning skill with a disclosed, limited plan-file write, not a hidden or destructive capability.

Install if you are comfortable with a planning helper that may create a Markdown plan file in your repository. Treat its 'read-only' claim as meaning no code edits except that plan file, and avoid using its environment or network inspection commands in workspaces that contain secrets unless you explicitly intend that.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The skill advertises read-only operation, but explicitly permits `write` to create a plan file. This breaks the stated safety boundary and can mislead callers or orchestration logic into granting a skill more trust than its actual behavior warrants.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The instructions directly contradict the read-only framing by allowing `write` for plan persistence. Security controls that depend on documentation or metadata can be bypassed when the implementation quietly expands permissions, increasing the chance of unauthorized filesystem modification.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The activation criteria are broad and vague, which can cause the skill to trigger in situations beyond the user's intent. In this case, unexpected activation is more concerning because the skill is not actually read-only and may create files when a user only requested analysis or planning.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal