Adaptive Tool Filter

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed, instruction-only tool-filtering guide, with no executable installer or hidden data access.

This is reasonable to install as guidance, but implement it conservatively: require explicit user intent before enabling command execution, file writes, messaging, external document actions, or subagent spawning, and avoid relying on single broad keywords for sensitive tool access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 87%
Finding
The trigger phrases are broad, common words such as “文档” (document), “消息” (message), and “执行” (execute), which can overlap with ordinary conversation and cause unintended tool categories to be enabled. In a tool-filtering skill, this weakens the security boundary by increasing exposure to higher-risk tools such as exec or messaging tools when user intent is ambiguous.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The System Prompt guidance repeats broad intent signals without defining boundaries, precedence, or conflict resolution, so ambiguous user text may map to overly permissive tool sets. Because this logic is intended to run before every request, systematic over-selection of tools increases attack surface and the chance of prompt-driven misuse of sensitive capabilities.

Vague Triggers

Severity: Medium
Confidence: 85%
Finding
The manifest description is overly broad and does not clearly limit when this skill should be invoked. In an agentic system, ambiguous routing can cause the skill to be selected in unintended contexts, which may indirectly affect tool exposure, task handling, or policy compliance.

VirusTotal

58/58 vendors flagged this skill as clean.