Token Economy

Security checks across malware telemetry and agentic risk

Overview

This looks like a cost-saving skill, but it describes automatic background model switching without enough opt-in, disable, or installation detail.

Review before installing. There is no evidence here of credential theft, exfiltration, or destructive behavior, but only install it if you are comfortable with automatic model-routing behavior and can verify how the cron job, budget cap, audit log, opt-in, and disable controls actually work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence: 92%
Finding
The skill's activation guidance is broad enough to match many ordinary discussions about cost, speed, budget, or model choice, which can cause over-invocation outside a clearly scoped user request. In an agent setting, this increases the chance that the skill influences behavior opportunistically and injects cost-routing recommendations when they were not explicitly requested.

Vague Triggers

Medium
Confidence: 95%
Finding
The 'When to Mention' cues are overly general and cover common conversational topics like slowness, expense, optimization, and model selection, making unsolicited invocation likely. This is dangerous because it can bias the agent toward this skill's recommendations in routine conversations and expand the skill's operational influence beyond its intended scope.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill instructs an automatic switch from Opus to Sonnet after inactivity via a cron job, but does not provide a clear user warning, consent mechanism, or audit-visible notice of the autonomous behavior. Autonomous model changes can alter capability, response quality, and cost characteristics unexpectedly, which may interfere with user expectations or ongoing work.

VirusTotal

65/65 vendors flagged this skill as clean.
