simulation-doc-writer

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a documentation helper, but it includes unnecessary self-logging and self-modification instructions that go beyond writing simulation documentation.

Review before installing. The documentation-writing behavior is understandable, VirusTotal and static scan were clean, and there are no executable scripts, but the self-evolution section should be removed or disabled unless you explicitly want the agent to write diary files and propose changes to its own SKILL.md. Also confirm whether outputs should be .txt only, because the artifacts conflict about .txt versus Markdown and companion files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Severity: Medium. Confidence: 94%.
The skill includes a self-modification workflow unrelated to its stated purpose of writing simulation documentation. Instructing the agent to append to diary files and submit PRs creates an unnecessary persistence and code-modification pathway, which could alter the skill repository or leave unauthorized artifacts without explicit user approval.

Description-Behavior Mismatch

Severity: Medium. Confidence: 95%.
A documentation-writing skill should not alter its own operational instructions or repository state during normal execution. Mixing content-generation behavior with self-editing and PR submission expands the skill's authority beyond user intent and can be abused to introduce persistent changes or hidden policy drift over time.

Description-Behavior Mismatch

Severity: Medium. Confidence: 94%.
The template explicitly instructs the agent to generate code, Markdown documentation, and companion output files, which exceeds the declared scope of producing a plain-text simulation description document. Scope expansion is dangerous because it can cause the agent to perform unintended file creation or content generation outside the user's requested deliverable, increasing the risk of unauthorized modifications in the user's workspace.

Missing User Warnings

Severity: Medium. Confidence: 91%.
The instruction to append failure cases to a diary file causes silent writes to disk that are not part of the user's requested documentation task. Undisclosed file creation or modification is dangerous because it can leak task content, create persistent logs, and violate user expectations about what the skill will change.

Natural-Language Policy Violations

Severity: Medium. Confidence: 86%.
The template hard-codes Chinese-only output as a mandatory behavior without indicating that language should follow user preference. This can override user intent and system-level expectations, causing misaligned outputs and reducing reliability of the agent when the user needs another language or bilingual documentation.

Natural-Language Policy Violations

Severity: Medium. Confidence: 84%.
The checklist makes Chinese engineering-document style a required acceptance criterion rather than a user-selectable preference. Embedding this requirement in the review gate reinforces instruction priority in a way that can systematically force outputs into one language/style even when the user's request differs.

VirusTotal

64/64 vendors flagged this skill as clean.