Phy Living Adr

Security checks across malware telemetry and agentic risk

Overview

This skill is a local ADR documentation helper that reads repository context and creates or updates markdown files in a disclosed, purpose-aligned way.

Install this if you want the agent to inspect repository changes and maintain ADR markdown files. Use explicit prompts such as /living-adr, and review generated ADRs, supersession edits, and README index changes before committing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 89%
Finding:
The trigger phrase "document this decision" is broad enough to appear in ordinary collaboration chat, issue comments, or PR discussions, which can cause the skill to activate outside clear user intent. Because this skill performs filesystem writes and updates existing ADRs, accidental invocation can lead to unintended documentation creation or modification rather than just a harmless response.

Vague Triggers

Medium
Confidence: 92%
Finding:
The listed triggers include common phrases such as "write ADR," "create ADR," and "why did we choose X," which may match conversational text instead of a deliberate tool invocation. In this skill's context, ambiguous activation is more dangerous because the workflow proceeds to create directories, write new ADR files, and modify prior ADRs, creating integrity and audit-noise risks in the repository.

Missing User Warnings

Medium
Confidence: 84%
Finding:
The skill behavior includes creating `docs/adr`, writing new ADR files, updating existing ADRs as superseded, and optionally regenerating an index, but the description does not clearly warn users that it performs these modifications automatically. Lack of upfront disclosure increases the chance of users invoking it without understanding that it can change repository contents, which is a safety and trust issue for tools with write capabilities.

VirusTotal

63/63 vendors flagged this skill as clean.
