skill-optimizer

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended to improve other skills, but it can read arbitrary user-provided paths and directly edit other SKILL.md files with incomplete scoping and inconsistent disclosure.

Review this skill before installing. Only use it on skills you are comfortable modifying, keep it inside the intended workspace, and ask it to show an exact diff and backup plan before allowing any SKILL.md write.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch (Medium, 95% confidence)

Finding: The skill’s declared purpose is analysis and recommendation, but the workflow escalates into directly modifying another skill’s SKILL.md. This creates a capability mismatch that can surprise users, bypass expected review boundaries, and enable unsafe or unintended changes to prompt logic or agent behavior.

Intent-Code Divergence (Medium, 90% confidence)

Finding: The English metadata presents the skill as analysis/suggestion-only, while the Chinese metadata says it also executes modifications. This inconsistency can mislead users and downstream systems about the skill’s real authority, increasing the chance of unintended file changes under a less risky-looking description.

Missing User Warnings (Medium, 93% confidence)

Finding: Instructing the agent to read user-provided file paths without restrictions or privacy warnings can enable access to sensitive local files unrelated to the requested task. Even if the user supplies the path, the skill lacks guardrails for scope validation, consent, or data minimization.

Missing User Warnings (Medium, 94% confidence)

Finding: The skill says it will directly modify the target SKILL.md after confirmation, but it provides no recommendation for review, backup, diff display, or rollback. This makes destructive or prompt-injecting edits easier to introduce and harder for users to detect before they affect agent behavior.

VirusTotal

66/66 vendors reported this skill as clean.

View on VirusTotal