Skill Auto Publisher

Security checks across malware telemetry and agentic risk

Overview

This skill is a real ClawHub publishing helper, but it can modify and upload local skill files with broad activation wording and limited built-in safety checks.

Review before installing. Use it only when you intentionally want an agent to publish skills to ClawHub, and verify the active ClawHub account, target directory, included files, version, and changelog before running it. Avoid using it on untrusted or oddly named skill directories until the script's unsafe interpolation and missing script-level confirmation are fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 92%
Finding: The trigger phrase “发布这个技能” (“publish this skill”) is overly broad and context-dependent, making accidental activation plausible during ordinary conversation. Because this skill can perform file inspection, version changes, and ultimately shell-based publish actions, unintended invocation could lead to sensitive workspace analysis or initiate a release flow the user did not clearly intend.

Vague Triggers

Medium
Confidence: 90%
Finding: The description-level trigger “发布技能” (“publish skill”) is generic enough to collide with normal speech, increasing the risk that the skill activates outside a deliberate publishing request. In this context, accidental activation is more concerning because the skill is designed to read project files, maintain history, and prepare shell-driven publishing operations.

VirusTotal

66/66 vendors flagged this skill as clean.
