Windows Esm Installer

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a Windows install-repair helper, but it can immediately make persistent npm configuration changes and write executable scripts without clear prior consent.

Install only if you are comfortable with the skill changing npm registry settings and creating executable installer scripts. Before use, ask the agent to preview every command and file path, confirm whether the npm registry change is global or project-local, save the previous registry value, and review any generated .bat or .ps1 files before running them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The skill does more than diagnostics or script generation: it directly executes `npm config set registry ...`, which changes the user's npm configuration immediately and persistently. Modifying global package manager settings without explicit consent can redirect future package installs, create supply-chain trust issues, and violate user expectations about what the skill will change.

Vague Triggers

Medium
Confidence: 87%
Finding
The README advertises very broad trigger phrases such as 'Windows 安装修复' alongside slash commands, which can cause the skill to be invoked unintentionally in ordinary conversation. In an agent setting, accidental invocation is risky because this skill is described as making environment and installation changes, so a casual mention could lead to system-modifying actions being proposed or executed.

Missing User Warnings

Medium
Confidence: 91%
Finding
This section describes system-changing behavior including changing npm registry settings, checking/installing dependencies, and generating executable .bat/.ps1 scripts, but does not present a clear upfront warning about side effects, scope, or privilege implications. Users may run the skill expecting a harmless diagnostic, when it can alter package manager configuration and create or run privileged scripts on the host.

Vague Triggers

Medium
Confidence: 91%
Finding
The natural-language triggers are very broad and generic, such as phrases related to Windows installation and repair, which increases the chance the skill is invoked when the user did not explicitly intend to run a system-changing installer helper. In this skill's context, unintended invocation is more concerning because the documented behavior includes changing npm registry settings, generating scripts, and potentially requesting privilege elevation.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill advertises automatic npm mirror configuration and later notes that some operations may request elevation, but it does not present an upfront safety warning that user environment configuration will be changed. This is dangerous because users may invoke the skill expecting diagnostics only, while the skill can alter package-manager behavior and system state in ways that persist beyond the current task.

Missing User Warnings

Medium
Confidence: 92%
Finding
The description mentions one-click script generation but does not clearly warn, before use, that those generated .bat/.ps1 scripts can perform installation and other state-changing actions affecting user files and system configuration. In this context, that omission raises the risk of users running scripts they do not understand, especially on Windows where batch and PowerShell scripts may execute privileged or persistent changes.

Missing User Warnings

Medium
Confidence: 97%
Finding
In the main handler, the skill invokes `setupNpmMirror()` before returning any warning or asking for approval, so a trigger phrase can cause an immediate persistent npm registry change. This is dangerous because it silently alters the software supply path for subsequent installs and could expose users to unreviewed mirrors or organizational policy violations.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill writes `install.bat`, `install.ps1`, and `INSTALL_REPORT.md` into the current working directory without prior disclosure or confirmation. Creating executable scripts in the user's workspace can overwrite expected files, introduce unintended execution paths, and leave behind artifacts that users may run later without realizing they were auto-generated by the skill.

VirusTotal

67/67 vendors flagged this skill as clean.
