ClawHub

Create Interesting Skills

Security checks across malware telemetry and agentic risk

Overview

This skill openly creates new skills, but it can persistently install and immediately run web-inspired agent instructions without a strong review step.

Install only if you are comfortable letting the agent create and deploy new skills for you. Before any write, require it to show the full generated SKILL.md, exact install path, and planned demo; avoid batch mode; reject generated skills that use shell commands, broad file access, credentials, or sensitive web queries unless you explicitly asked for them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill goes beyond idea generation and instructs the agent to write and deploy new skills into the global OpenClaw skills directory. That enables persistent code/configuration modification based on untrusted web-sourced content and user prompts, creating a path for prompt-injection persistence, unsafe capability expansion, or overwriting trusted behavior.

Context-Inappropriate Capability

Medium
Confidence
81% confidence
Finding
The feasibility rules explicitly bless use of exec even though the stated purpose is searching for ideas and generating markdown skill files. Including code execution in scope unnecessarily broadens the skill's authority and may cause downstream generated skills or workflows to assume shell execution is acceptable, increasing the risk of command execution from untrusted inspiration sources.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger description contains broad conversational phrases like asking for a new skill or something fun, which are common in normal chat. That raises the chance of unintended activation of a skill that performs web searches and prepares filesystem modifications, increasing the likelihood of surprising or unsafe side effects.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to write SKILL.md into the skills directory and deploy it without an upfront warning or explicit consent for filesystem modification. Users asking for ideas may not realize they are authorizing persistent changes, which creates a dangerous gap between expected behavior and actual side effects.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal