Red Team

Security checks across malware telemetry and agentic risk

Overview

This is a coherent red-team debate skill, but users should know it sends questions and chosen files to their selected AI CLI backend.

Install this only if you are comfortable using your logged-in Claude, Codex, or Gemini CLI account for red-team analysis. Choose context files deliberately, avoid sensitive or regulated data unless the selected provider is appropriate for it, review custom personas before running them, and ask the agent to confirm before running the skill when your wording is ambiguous.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding
The skill instructs the agent to execute a local Python script, invoke external CLIs, read user-supplied context files, and optionally write output files, but it does not declare permissions for shell, file read, or file write. This creates a transparency and policy-enforcement gap: an orchestrator or user may treat the skill as low-risk while it actually performs privileged local actions.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The skill says to invoke itself for broad phrases like 'red team', 'stress test', 'devil's advocate', and 'what could go wrong', which overlap with ordinary user language. That can cause over-broad auto-triggering, leading the agent to run shell commands and process files when the user may only be asking for a conversational analysis rather than consenting to tool execution.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The tool forwards the user's question and optional context file contents to external agent CLIs, which may transmit that data to remote model providers, but the script does not present any explicit warning or confirmation about that disclosure. In a red-team/debate skill, users may paste sensitive strategy, legal, security, or proprietary material, making silent exfiltration to third-party services materially risky.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding
Custom persona files loaded from disk are forwarded as system prompts to external backends without warning that their contents may be disclosed to third-party services. While lower risk than user question/context, persona files can still contain internal methodologies, proprietary instructions, or sensitive policy text that users may not expect to be transmitted externally.

VirusTotal

64/64 vendors flagged this skill as clean.