Phy Dep Upgrade

Security checks across malware telemetry and agentic risk

Overview

This dependency-audit skill appears useful, but it also instructs agents to run package-changing fix commands under broad triggers, with no visible scoping and no confirmation step before the repository or environment is modified.

Install only if you want an agent to help with dependency audits and possible remediation. Before using it, require explicit confirmation before any npm, pip, or other package-changing command runs, review proposed diffs and lockfile changes, avoid forced fixes unless you understand the breaking-change risk, and run tests in an isolated branch or environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding
The skill is presented as an audit and planning tool, but the Quick Fix section instructs the agent to execute package modification commands such as `npm audit fix`, `npm audit fix --force`, and `pip install --upgrade`. That expands the skill from read-only analysis into state-changing behavior, which can alter a repository or runtime environment without a clearly bounded confirmation flow and may introduce breaking changes or supply-chain risk.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The metadata trigger phrases are broad enough to match ordinary conversation such as 'check for vulnerabilities' or 'upgrade packages', which can cause the skill to activate unexpectedly. In this skill's context, unintended activation is more dangerous because the skill includes operational shell commands and even remediation actions, so accidental invocation could lead to unnecessary scans or modification suggestions.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The trigger list repeats ambiguous phrases without clear boundaries, increasing the chance that the skill activates on routine support or development dialogue. Because this skill gathers system/package information and can recommend or initiate dependency changes, accidental triggering can expose environment details or nudge users into unsafe upgrade workflows they did not explicitly request.
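The three findings above, together with the install guidance in the overview, can be turned into a small pre-install check: extract the shell commands a skill file carries, classify each as read-only, state-changing, or forced, derive the confirmation gate each one needs, compare the commands against what the description promises, and flag trigger phrases that carry no skill- or tool-specific token. The following Python is an added example written for this page; it is not SkillSpector's code and not the Phy Dep Upgrade skill. The SKILL.md-style text, the command regexes, the word lists, and the "specific token" heuristic for triggers are all constructed assumptions, not the scanner's real rules.

```python
"""Pre-install checks for an agent skill: command gating, description mismatch, vague triggers.

Added example for this page, not SkillSpector's or the skill's own code. The manifest text,
regex patterns and word lists below are constructed assumptions, not the scanner's rules.
"""
import re

# Constructed stand-in for a skill manifest; the real skill's text is not on the page.
SAMPLE_SKILL = """---
name: dep-audit
description: Audit project dependencies and plan remediation.
triggers: check for vulnerabilities, upgrade packages, run the dep-audit skill
---
## Audit
npm audit --json
pip-audit --format json
## Quick Fix
npm audit fix
npm audit fix --force
pip install --upgrade requests
"""

# Assumed command patterns; a real policy would also cover yarn, pnpm, poetry, uv, etc.
READ_ONLY = [r"^npm audit(?!\s+fix\b)", r"^npm (ls|outdated)\b", r"^pip-audit\b", r"^pip3? (list|check)\b"]
MUTATING = [r"^npm audit fix\b", r"^npm (install|i|update|up|uninstall)\b", r"^pip3? (install|uninstall)\b"]
FORCED = [r"(^|\s)--force\b", r"(^|\s)--break-system-packages\b", r"(^|\s)(-y|--yes)\b"]
COMMAND_PREFIX = re.compile(r"^(npm|pip3?|pip-audit)\b")
# Description words that promise read-only behaviour vs. words that admit to changing state.
PASSIVE_WORDS = {"audit", "plan", "report", "review", "scan", "check"}
ACTIVE_WORDS = {"install", "upgrade", "fix", "update", "modify", "patch"}


def extract_commands(skill_text):
    """Lines that look like package-manager invocations (assumed: prefix match is enough)."""
    return [ln.strip() for ln in skill_text.splitlines() if COMMAND_PREFIX.match(ln.strip())]


def classify(cmd):
    """forced > mutating > read-only > unknown; a forced flag only matters on a mutating command."""
    mutating = any(re.search(p, cmd) for p in MUTATING)
    if mutating and any(re.search(p, cmd) for p in FORCED):
        return "forced"
    if mutating:
        return "mutating"
    if any(re.search(p, cmd) for p in READ_ONLY):
        return "read-only"
    return "unknown"


def required_gate(cmd):
    """Gate from the page's guidance: confirm every state change, isolate forced fixes, never auto-run unknowns."""
    return {"read-only": "run", "mutating": "confirm", "forced": "confirm+isolate",
            "unknown": "confirm"}[classify(cmd)]


def frontmatter(skill_text):
    """Minimal key: value parser for the leading --- block (assumed manifest layout)."""
    m = re.search(r"^---\n(.*?)\n---", skill_text, re.S)
    fields = {}
    for line in (m.group(1).splitlines() if m else []):
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields


def description_mismatch(skill_text):
    """True when the description promises audit/planning only but the body runs state-changing commands."""
    words = set(re.findall(r"[a-z]+", frontmatter(skill_text).get("description", "").lower()))
    promises_read_only = bool(words & PASSIVE_WORDS) and not (words & ACTIVE_WORDS)
    changers = [c for c in extract_commands(skill_text) if classify(c) in ("mutating", "forced")]
    return promises_read_only and bool(changers), changers


def vague_triggers(skill_text, skill_name):
    """A trigger is vague if no token names the skill or a specific tool (assumed heuristic)."""
    specific = {skill_name.lower(), "npm", "pip", "pip-audit", "lockfile", "package-lock", "requirements"}
    triggers = [t.strip() for t in frontmatter(skill_text).get("triggers", "").split(",") if t.strip()]
    return [t for t in triggers
            if not any(tok in specific for tok in re.findall(r"[a-z0-9-]+", t.lower()))]


def report(skill_text):
    name = frontmatter(skill_text).get("name", "")
    mismatch, changers = description_mismatch(skill_text)
    return {
        "mismatch": mismatch,
        "state_changing": changers,
        "gates": {c: required_gate(c) for c in extract_commands(skill_text)},
        "vague_triggers": vague_triggers(skill_text, name),
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_SKILL).items():
        print(f"{key}: {value}")
```

Run against the constructed manifest, the check reports a description mismatch (the description says audit and plan, the body contains three state-changing commands), gates `npm audit fix --force` as confirm+isolate, and flags the two trigger phrases that contain no skill- or tool-specific token. The word lists and regexes are deliberately small; the point is the structure of the check (commands versus promise, gate per command, trigger specificity), which a real policy would extend rather than the exact patterns.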

VirusTotal

66/66 vendors flagged this skill as clean.
