Seazenaidevskill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed project-orchestration scaffold with optional Feishu/Meegle synchronization, but users should understand that enabling sync allows automatic project-management updates.

Install only in repositories where you want a persistent .seazenai workflow scaffold and root prompt files. Before enabling Feishu/Meegle integration, confirm the project_key, work item types, and auto_sync setting, because enabled sync can send requirement/task details and create or update remote work items automatically.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (16)

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The skill frames itself as only handling installation, guidance, and updates, but later expands into configuring Meegle integration and enabling automatic synchronization of project state. That scope expansion can surprise users into authorizing ongoing external system interaction and metadata transmission they did not expect from an installer-style skill.

Context-Inappropriate Capability

Medium
Confidence: 84%
Finding
The skill performs external workspace discovery, workflow metadata enumeration, template lookup, and user search against Feishu/Meegle, which goes beyond simple local file scaffolding. Even if operationally useful, this broadens the trust boundary and exposes project structure, workflow, and personnel metadata to an external integration path without strong justification in the role description.

Description-Behavior Mismatch

Medium
Confidence: 86%
Finding
The skill presents itself as operating within 'strict security boundaries', but its workflow authorizes autonomous file creation, index updates, and external task-system synchronization. This mismatch can mislead operators about the real execution scope, increasing the risk of unintended repository changes and outbound actions without explicit per-action consent.

Context-Inappropriate Capability

Medium
Confidence: 83%
Finding
The document includes automatic synchronization with Meegle/Feishu project management, which expands the skill from local development orchestration into external system interaction. If enabled implicitly, this can cause unauthorized metadata disclosure, workflow changes, or task creation in third-party systems beyond what a user expects from the skill description.

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The skill is framed as a requirements-analysis assistant, but it later performs external Feishu/Meegle synchronization that creates work items and transmits requirement content. This capability expansion is security-relevant because users may reasonably expect local documentation help, not outbound integration and data export, increasing the risk of unintended disclosure or surprise side effects.

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The testing agent is defined primarily as a test-generation and execution role, but it is also instructed to perform post-CP4 remote project-management actions such as syncing requirement and subtask states and creating bug work items. Expanding a test agent into an external state-changing actor violates least privilege and increases the chance that a prompt injection, requirement-document manipulation, or testing mistake causes unintended remote workflow changes.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
Granting a testing-focused agent write access to external project-management workflows and bug creation gives it authority beyond what is necessary to fulfill its stated purpose. If the agent is steered by adversarial content in requirement.md, breakdown.md, or tool-adapter metadata, it could alter requirement states, transition workflows, or create fraudulent work items in a production collaboration system.

Vague Triggers

Medium
Confidence: 87%
Finding
The guide trigger includes very broad phrases like '下一步' and '现在该做什么', which can easily appear in unrelated conversation. In an agentic environment, overly generic triggers can cause unintended skill activation, leading to unexpected file reads, state assessment, or workflow steering without clear user intent.

Vague Triggers

Medium
Confidence: 86%
Finding
The update trigger phrase '检查更新' is generic enough to match ordinary user requests unrelated to this skill. That can cause accidental invocation of template comparison logic, file reads, and update prompts in the wrong context, which is risky for a skill with write capabilities.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill proposes enabling automatic Feishu project synchronization without a prominent warning that future project events and status changes may be transmitted to an external service. Users may consent to setup without understanding the ongoing nature of the integration, creating a privacy and governance risk rather than a classic exploit path.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs the agent to automatically inspect several repository files immediately on load, without explicit user consent or a prior notice about what will be accessed. Even though the reads are limited to project-state files, this creates a silent data-access behavior that can expose repository structure, task names, and workflow metadata in contexts where users did not intend the agent to inspect the workspace yet.

Missing User Warnings

Medium
Confidence: 91%
Finding
The workflow instructs the agent to automatically create directories and update INDEX files in the repository during initialization, but does not require a clear warning or explicit approval for those modifications. This can lead to silent state changes in source control, accidental corruption of project tracking files, or user surprise about writes occurring before review.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs the agent to create folders, copy templates, update indexes, and append conversation data to workspace files, but it does not provide an explicit user-facing notice that these writes will occur. Silent modification of the workspace can surprise users, overwrite expectations, and create integrity or privacy issues if notes and conversations are persisted automatically.

Missing User Warnings

High
Confidence: 97%
Finding
The skill can automatically extract requirement title, background, and acceptance criteria and send them to Feishu/Meegle, but it lacks a clear privacy and data-sharing warning. Because requirements often contain internal business details, this outbound transfer can expose sensitive project information to external systems without sufficiently explicit user awareness at the time of sync.

Missing User Warnings

Medium
Confidence: 93%
Finding
The instructions direct the agent to create directories, create files, and update an index in the workspace without any explicit user warning or confirmation at the point of modification. Silent local writes are dangerous because a user may invoke the skill expecting analysis only, while the agent mutates repository state and may overwrite or create authoritative project artifacts.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill specifies automatic synchronization to a remote project-management system after CP4 passes, including workflow transitions and bug creation, without clear user warning or approval for remote side effects. Remote writes are more dangerous than local file edits because they can change organizational records, trigger downstream automations, and create difficult-to-revert state changes outside the user's immediate workspace.

VirusTotal

65/65 vendors flagged this skill as clean.