Security audit

Skill Compiler

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only prompt-to-skill compiler with some broad trigger and sensitive-input cautions, but no hidden execution, network access, or destructive behavior.

Install this only if you want a mostly Chinese-language skill for turning prompts into reusable Skill packages. Review generated skills before use, especially their trigger descriptions and any suggested external plugins, and do not paste secrets, private policies, proprietary system prompts, or other privileged instructions unless you are authorized to turn them into a reusable artifact.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • System Prompt Leakage: Direct Leakage, Indirect Extraction, Tool-Based Exfiltration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Vague Triggers

Medium
Confidence: 89%
Finding: The trigger list is unusually broad and includes generic phrases like 'skill builder', 'meta-skill', and 'prompt compiler', which can cause the skill to activate in contexts where the user did not explicitly intend prompt-to-skill conversion. Unintended invocation is risky here because the skill is designed to ingest arbitrary prompts, including system or meta-prompts, increasing the chance of processing sensitive instructions or causing workflow confusion.

Natural-Language Policy Violations

Medium
Confidence: 84%
Finding: The skill body forces Chinese output/instructions ('你不是 Prompt Engineer...', 'You are not a Prompt Engineer...') without any user language negotiation or fallback behavior. This can cause incorrect or inaccessible execution for users who did not request Chinese, and in safety-sensitive workflows it may lead to misunderstanding of generated artifacts or review failures.

Natural-Language Policy Violations

Medium
Confidence: 92%
Finding: The file is written entirely in Chinese and instructs the skill to operate in Chinese without presenting language selection, fallback behavior, or a documented requirement that the skill only serves Chinese-speaking users. In a prompt-compilation skill that accepts arbitrary user prompts, this can cause incorrect analysis, degraded usability, and unsafe transformations when users provide non-Chinese inputs or expect outputs in another language.

Vague Triggers

Medium
Confidence: 84%
Finding: Requiring broad trigger phrases without specificity or exclusions can cause the skill to activate on overly general user requests and capture prompts outside its intended scope. In a prompt-compilation skill, that increases the chance of misrouting sensitive system prompts, policy text, or unrelated instructions into transformation workflows where they may be exposed, over-processed, or rewritten unsafely.

Vague Triggers

Medium
Confidence: 90%
Finding: The activation rule includes a catch-all condition of '用户显式要求' ('explicit user request') with no scope limitation, which can cause this optimization pass to run on arbitrary inputs outside its intended context. In a prompt-to-skill compiler, overly broad conditional activation increases the chance of unintended transformations, context mixing, or execution of optimization logic when safety or correctness preconditions have not been met.

Vague Triggers

Medium
Confidence: 88%
Finding: The trigger list uses very generic keywords such as "api", "tool", "search", and "document", which can appear in many unrelated prompts and cause plugin discovery to activate unexpectedly. In a skill compiler context, this can expand capabilities or alter generation behavior based on incidental wording, increasing the chance of unnecessary external-tool recommendations, over-privileged designs, or confusing skill outputs.

Vague Triggers

Medium
Confidence: 91%
Finding: The template's description field explicitly encourages broad trigger phrases and provides no structure for specificity, exclusions, ambiguity handling, or collision avoidance with other skills. In a skill compiler, this is risky because generated skills may activate too often on loosely related prompts, causing unintended execution, prompt routing errors, or abuse through trigger hijacking.

Indirect Prompt Extraction

Medium
Category: System Prompt Leakage
Content:
---
name: skill-compiler
description: "Use when you need to compile, convert, transform, or refactor any prompt (system prompt, meta-prompt, role prompt, task prompt) into a production-grade, reusable AI Skill. Triggers on: 'prompt to skill', 'compile prompt', 'convert prompt to skill', '把 prompt 变成 skill', '提示词编译', 'skill builder', 'prompt compiler', '提示词转技能', 'meta-skill', 'skill from prompt'. Accepts any prompt as input and outputs a complete skill package with modular architecture."
version: 1.0.0
---
Confidence: 92%
Finding: convert prompt to skill

VirusTotal

64/64 vendors flagged this skill as clean.