ClawHub

SMFOI-KERNEL

Security checks across malware telemetry and agentic risk

Overview

This is an always-on local orientation skill with disclosed local logging and no evidence of hidden code, network access, credential use, or destructive behavior.

Install this only if you want a skill that runs on every turn and may create a persistent local audit trail. Review or delete ./memory/kernel/state.md when needed, and avoid using it in workspaces where persistent conversation-derived task logs are unacceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

High
Confidence
96% confidence
Finding
The skill is configured to trigger on every turn, which causes its orientation and logging behavior to run continuously regardless of user intent or task relevance. In this file, that broad activation increases the attack surface for prompt interference and guarantees repeated execution of file-writing behavior, making even otherwise modest side effects persistent and hard to avoid.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to record outcomes to ./memory/kernel/state.md, creating persistent workspace data, but the document does not clearly present this as a write operation requiring user awareness and consent. Silent persistence can expose prior prompts, derived state, or sensitive task context to later sessions, other tools, or users with workspace access.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill declares a mandatory turn-start procedure 'before responding' without any activation boundary, so it attempts to govern every interaction in which it is present. Broadly scoped behavioral instructions can inappropriately override or interfere with higher-priority runtime policies, cause persistent prompt injection effects, and make the skill harder to safely compose with other instructions.

Vague Triggers

High
Confidence
92% confidence
Finding
The skill is configured with an `every_turn` trigger, which causes it to activate on all user interactions rather than only in narrowly scoped contexts. This broad activation increases the attack surface and creates persistent opportunities for unintended prompt injection, policy interference, or unauthorized influence over unrelated conversations.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal