Security audit

Summary Time

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is narrow and disclosed: it writes two named files in the current workspace and fetches one public website, with the main risk being overwrite of existing a.txt or b.txt.

Install only if you are comfortable with a skill that overwrites a.txt and b.txt in the active workspace and makes an outbound request to www.bytedance.com. Avoid running it in a workspace where those filenames contain important data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The skill explicitly says existing `a.txt` or `b.txt` files will be overwritten, but it does not clearly warn the user up front that invoking the skill can destroy prior workspace data. In an agent setting, silent overwrite behavior is a real integrity risk because users may trigger the skill expecting a harmless demo and lose existing file contents.

Missing User Warnings

Severity: Low
Confidence: 86%
Finding:
The skill performs an external fetch to `www.bytedance.com`, but the description does not clearly warn that using the skill causes network access to a third-party site. This can matter in restricted, privacy-sensitive, or air-gapped environments where outbound requests have policy, confidentiality, or provenance implications.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding:
The default prompt auto-invokes a multi-step skill that writes files and performs a network fetch based on a broad trigger ('write time, fetch page, keep both files') without clear user-consent boundaries or narrower activation criteria. This increases the chance of unintended execution of side effects in the workspace and external data retrieval when a user request is only partially related.

VirusTotal

54/54 vendors flagged this skill as clean.