Agent Publishing Skill

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a publishing helper, but its activation and loading scope are too broad for a workflow that can publish content externally.

Install only in workspaces where you intentionally want release automation. Before using it, confirm that any publish, push, packaging, or GitHub/ClawHub action requires an explicit user command and final confirmation, and avoid loading it globally across unrelated projects.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: High
Confidence: 95%
Finding
The trigger list includes very common words such as "发布", "推送", "publish", and "push", which can appear in ordinary conversation and cause the skill to activate outside the user's intended context. Because this skill performs packaging and publication workflows to external services, accidental activation can lead to unintended prompts or downstream publication actions if an agent chains execution too aggressively.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The condition "when core files change, proactively ask whether to publish" is broad and may trigger on routine edits, partial drafts, or automated modifications without a clear user request. In a skill designed to publish artifacts externally, this increases the chance of premature or confusing activation and can pressure users into unintended release flows.

Natural-Language Policy Violations

Severity: Medium
Confidence: 97%
Finding
Mandating this skill be loaded in all agent workspaces removes user choice and expands the reach of a capability that can package content and publish to ClawHub and GitHub. Broad mandatory loading increases attack surface, makes accidental activation more likely across unrelated workspaces, and can expose sensitive workspace content to external publishing workflows if other controls fail.

VirusTotal

64/64 vendors flagged this skill as clean.