First Principle Analyzer

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate analysis helper, but it asks for more local command authority and sharing capability than its purpose clearly justifies.

Review before installing. Use it only if you are comfortable granting a decision-analysis skill local command authority, and avoid share/export workflows for confidential business, research, financial, or personal information unless you have independently verified where the data goes and who can access it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The manifest grants Bash and Exec capabilities even though the skill is described as a reasoning and analysis framework. Excess command-execution privileges materially increase the attack surface: if the skill or downstream prompts are influenced by untrusted input, the agent could execute local commands or scripts unrelated to the user’s intent.

Missing User Warnings

Medium
Confidence: 90%
Finding
The document advertises sharing and collaboration commands such as `share --with="team@company.com"` and team collaboration features, but it does not clearly warn users that analysis content may be transmitted to other users or external services. Because this skill is designed for deep analysis of business, academic, and strategic problems, users may input sensitive intellectual property, personal data, or confidential company information and unknowingly expose it through collaboration features.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger phrases are generic enough to match a wide range of ordinary reasoning requests, which can cause the skill to be invoked outside its intended scope. Over-broad activation increases the chance of prompt hijacking of normal workflows, misrouting user requests, or unnecessarily exposing user inputs to this skill when a narrower tool would be safer or more appropriate.

VirusTotal

65/65 vendors flagged this skill as clean.
