Skill Evolution

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent meta-skill for user-directed skill editing, with real filesystem and git impact that users should review before use.

Install only if you are comfortable with a skill that can modify selected installed skills, create .skill-backups logs and backups, and use git stash/add/commit. Review every proposed diff before approval, avoid feeding sensitive documents or conversation details unless needed, and clean backup/log files if they contain private material.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 87%
Finding
The trigger phrases are broad and ambiguous (e.g. generic '进化/迭代/改进' and 'skill进化/吞噬'), which can cause the skill to activate in contexts where the user did not intend file modification behavior. Because this skill can enumerate installed skills and proceed toward backup, editing, and git operations, accidental invocation materially increases the risk of unintended changes to local artifacts.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill is designed to modify files, create backups, parse external documents, and run git commands, but the description lacks a single explicit upfront warning that these actions affect the local filesystem and repository state. Users may invoke it without appreciating that it can write logs, create backup directories, and commit changes, which undermines informed consent for potentially destructive operations.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly allows use of cloud document connectors to read or operate external documents, but it does not require a clear user-facing consent step, scope confirmation, or warning about data exposure and unintended modification. In a meta-skill that evolves or merges other skills and external content, this is more dangerous because it can normalize broad access to remote documents and potentially alter them without the user understanding the privacy or integrity impact.

Ssd 3

Medium
Confidence: 91%
Finding
This section explicitly instructs the skill to analyze the current conversation, extract user corrections, preferences, and domain knowledge, and convert them into reusable patterns for future modifications. That creates a data retention and secondary-use risk: sensitive information shared during one interaction can be persisted or propagated into later skill changes without clear minimization, consent, or redaction controls.

Ssd 3

Medium
Confidence: 88%
Finding
The logging instruction requires recording evolution and phagocytosis details, which in this skill can include user prompts, external document-derived content, conflict resolutions, and conversation-extracted knowledge. Persistent logs of those materials can expose sensitive user information, proprietary document contents, or behavioral preferences beyond the original task scope.

VirusTotal

64/64 vendors flagged this skill as clean.
