myskill

Security checks across malware telemetry and agentic risk

Overview

This skill has a legitimate skill-discovery purpose, but it needs Review because it can steer ordinary help requests toward third-party installs and recommends global no-confirmation installation.

Install only if you explicitly want a helper that searches external skill registries. Before using it to install anything, review the exact package and publisher, avoid global no-confirm installs, and do not run the included Python demo unless you intend to use AgentScope with a DashScope API key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger guidance is very broad, covering generic phrases like 'how do I do X' and 'can you do X,' which can cause this skill to activate during ordinary help-seeking rather than explicit requests to search/install third-party skills. In context, that matters because the skill encourages package discovery and potential installation, increasing the chance of unintended supply-chain actions or steering users toward external code when they only wanted advice.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The 'When to Use This Skill' section uses ambiguous conditions like users expressing interest in extending capabilities or wanting help with a domain, without clear boundaries distinguishing normal assistance from package acquisition. This makes unintended invocation more likely and could channel routine queries into external skill search/install flows, expanding attack surface through unnecessary interaction with third-party packages.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to install packages using `npx skills add <owner/repo@skill> -g -y`, where `-g` performs a global install and `-y` suppresses confirmation prompts, but it does not require an explicit warning or renewed user consent. In a skill-discovery context, this is dangerous because it can lead to silent installation of third-party code at user scope, increasing supply-chain and persistence risks.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation instructs the agent to install third-party skills using a global install flag and confirmation bypass (`-g -y`) without any warning, trust model, or requirement for explicit user confirmation. This is dangerous because it normalizes unattended system-level modification and package installation from external sources, increasing the chance of supply-chain compromise or unintended persistent changes on the user's environment.

VirusTotal

66/66 vendors flagged this skill as clean.
