Meta Skill Weaver

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed orchestration and metrics/feedback package with broad but purpose-aligned capabilities, and I found no evidence of hidden exfiltration, destructive behavior, or deceptive execution.

Install only if you want a high-authority orchestration helper that can coordinate multi-step work and use file/command-capable tools. Review where local .metrics and .feedback data will be stored, avoid putting secrets or sensitive personal data in feedback comments or task IDs, and use explicit task IDs/commands when resuming or checking long-running work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Missing User Warnings

Severity: Medium, Confidence: 92%
Finding
The document advertises user feedback collection plus metrics persistence and trend analysis, but it does not mention any consent flow, data minimization, retention policy, or privacy notice. In a skill orchestration product, these features can lead operators to collect potentially identifying or sensitive usage data without informing users, increasing privacy, compliance, and misuse risk.

Vague Triggers

Severity: Medium, Confidence: 89%
Finding
The FAQ shows generic natural-language commands such as '请编排以下任务…' (please orchestrate the following tasks…), '查询任务 [任务 ID] 的进度' (check the progress of task [task ID]), and '恢复任务 [任务 ID]' (resume task [task ID]) without any explicit scoping, confirmation, or invocation boundary. In an orchestration skill, broad triggers increase the chance of accidental activation or unintended task execution/resumption when similar text appears in ordinary conversation, which can cause unauthorized workflow actions or data exposure across long-running tasks.

Missing User Warnings

Severity: Medium, Confidence: 88%
Finding
The documentation describes saving task state and generating outputs, but it does not clearly warn users that data may be persisted to storage or files may be created/modified. In a skill with Write/Bash/Exec capabilities, undocumented persistence increases the risk of unintended data retention, leakage, or side effects because users may invoke it without informed consent about filesystem operations.

Vague Triggers

Severity: Medium, Confidence: 80%
Finding
The activation description is broad enough that the skill may be selected for many ordinary requests, even though it exposes powerful orchestration and execution-related capabilities through Read/Write/Bash/Exec. Overbroad routing increases the chance that high-privilege tooling is invoked unnecessarily, expanding attack surface and enabling unintended command execution or file operations in contexts that did not require them.

Vague Triggers

Severity: Medium, Confidence: 91%
Finding
The trigger phrases are generic enough that the orchestration skill could activate for many loosely related requests, causing it to take over workflows without clear user intent. In an orchestration skill, over-broad activation is more dangerous than usual because it can route work to other skills, expand scope, and indirectly expose data or cause unintended multi-step actions.

Natural-Language Policy Violations

Severity: Medium, Confidence: 83%
Finding
The metadata is entirely Chinese-facing and does not indicate locale negotiation or user opt-in, which can cause the skill to respond in an unexpected language. While this is primarily a UX and safety-of-operation issue rather than a direct security flaw, it can still increase the chance of user misunderstanding around orchestration steps, approvals, and task delegation.

VirusTotal

64/64 vendors flagged this skill as clean.