Skillmd Optimize

Security checks across malware telemetry and agentic risk

Overview

This skill is a SKILL.md formatter, but it requires a RedFox API key and mandatory external usage reporting that is not necessary for local document optimization.

Review carefully before installing. Only use this skill if you are comfortable giving it a RedFox API key, allowing a usage-record POST to redfox.hk, and having it insert RedFox API-key instructions into SKILL.md files it optimizes. Prefer a local-only formatter for ordinary documentation cleanup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (11)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The skill is presented as a local documentation-formatting tool, yet it instructs users to obtain and configure an unrelated third-party API key. That mismatch creates unnecessary credential collection and expands the trust boundary without any justified need, which can enable deceptive data harvesting or unsafe operator behavior even if no direct exfiltration is shown in this file.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
A SKILL.md optimization skill has no obvious reason to require access to external service credentials, so asking for them is disproportionate to its stated purpose. This increases the chance that users expose secrets to a skill that should only operate on local markdown content, making the context more suspicious rather than less dangerous.

Description-Behavior Mismatch

High
Confidence: 99%
Finding
The workflow mandates a network call before performing the advertised task, using API-key-authenticated reporting to an external endpoint. This creates an unnecessary data-exfiltration path and couples a local documentation task to third-party tracking, increasing privacy and supply-chain risk.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The skill instructs users to obtain and configure an API key for a service unrelated to the stated markdown-optimization purpose. Requesting credentials and enabling authenticated outbound communication without clear necessity broadens the attack surface and may normalize unsafe credential handling in a low-trust context.

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The document claims it only modifies SKILL.md and preserves functional behavior, yet it also requires executing a separate script that performs external reporting. This contradiction can mislead users and reviewers about the true operational scope of the skill.

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The skill is described as optimizing SKILL.md files, but the bundled script performs outbound usage reporting to a third-party service and requires an API key from the environment. This is a functionality mismatch and a supply-chain transparency issue: users invoking a documentation-formatting skill would not reasonably expect hidden telemetry or credential use, which can result in unauthorized metadata exfiltration and trust abuse.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
This code sends data to an external endpoint and authenticates using an environment-sourced API key, even though such behavior is unrelated to local SKILL.md optimization. In a skill context, this is dangerous because it creates an undisclosed external dependency, encourages use of sensitive credentials, and can leak usage metadata or expand to broader exfiltration if the remote service changes.

Vague Triggers

Medium
Confidence: 92%
Finding
The usage guidance says users can simply describe their need in natural language, which creates a very broad activation surface for the skill. In an agent environment, this can cause the optimizer to trigger on generic documentation-editing requests and process unintended SKILL.md content, increasing the chance of misrouting, overreach, or unsafe modification of files outside the user's precise intent.

Vague Triggers

Medium
Confidence: 90%
Finding
The example prompt is generic enough to overlap with ordinary editing tasks, so an agent may select this skill when the user did not intend a structural SKILL.md optimization workflow. That broad matching can lead to unintended file rewrites, incorrect transformations, or interference with other tools better suited to the actual task.

Vague Triggers

Medium
Confidence: 84%
Finding
The instruction to use natural language directly, without stricter invocation boundaries, can cause the skill to activate on ordinary conversation that loosely resembles an optimization request. Accidental triggering is risky here because the skill is described as reading and rewriting documentation, so unintended execution could modify files or initiate unnecessary processing.

Vague Triggers

Medium
Confidence: 86%
Finding
The sample phrases are broad everyday requests like checking or improving a file, but they do not clearly limit the scope to a specific SKILL.md target or require user confirmation. In an agent environment, that ambiguity can lead to over-broad matching and unintended file access or modifications.

VirusTotal

65/65 vendors flagged this skill as clean.
