qui-council

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed instruction-only skill for sending user-provided ideas to a multi-perspective AI council, with no evidence of hidden code, credential access, persistence, or destructive behavior.

Safe to install for idea review workflows. Avoid sending secrets or highly sensitive material unless you are comfortable with it being processed by the SkillBoss model-routing workflow, and review any custom agent markdown files before adding them to the agents folder.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 87%
Finding: The documented trigger phrase "Get the council's feedback on [thing]" is broad enough to resemble normal conversational text rather than a narrowly scoped command. In an agent framework, overly generic invocation patterns can cause accidental skill activation on unrelated user messages, leading to unintended sub-agent spawning, context leakage into the skill, or unexpected actions and cost consumption.

Vague Triggers

Medium
Confidence: 90%
Finding: The trigger phrase "council of the wise" is generic enough that normal conversation could unintentionally activate the skill. In an agentic system that spawns sub-agents and consumes time/tokens automatically, broad invocation patterns increase the risk of unintended execution, prompt routing mistakes, and unexpected data being sent into the council workflow.

Natural-Language Policy Violations

Medium
Confidence: 78%
Finding: The documentation specifies model routing behavior in Chinese ("通过 SkillBoss API Hub (`/v1/pilot`) 自动路由最优模型,无需手动指定", roughly: "automatically routes to the optimal model via the SkillBoss API Hub (`/v1/pilot`); no manual selection needed"), which may impose a locale-specific output or integration expectation without explicit user choice. While not directly a security flaw by itself, forced language or locale behavior can confuse users, obscure downstream routing details, and reduce transparency around where requests are sent.

VirusTotal

66/66 vendors flagged this skill as clean.