find-slills

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-aligned, but it can steer broad user requests into globally installing third-party skills without a clear confirmation boundary.

Review this skill before installing. Use it only when you explicitly want skill discovery or installation, inspect any recommended skill source first, avoid unattended global installs, and prefer an install command that gives you a chance to confirm what will be added.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Vague Triggers

Medium
Confidence: 90%
Finding
The metadata description triggers on very broad phrases like 'how do I do X' and 'can you do X', which overlap heavily with ordinary user help requests. That can cause this skill to activate in many unrelated contexts and steer the agent toward package discovery or installation flows when the user did not explicitly ask for external software, increasing the chance of unnecessary supply-chain exposure.

Vague Triggers

Medium
Confidence: 93%
Finding
The 'When to Use This Skill' section defines invocation conditions so broadly that many normal assistance requests could route into this skill. In a skill that recommends and installs third-party packages, ambiguous activation is risky because it can create a path from generic user intent to external package acquisition without a clear boundary or necessity.

Missing User Warnings

Medium
Confidence: 97%
Finding
The documentation recommends `npx skills add <owner/repo@skill> -g -y`, which performs a global install and suppresses confirmation prompts. This is dangerous because it encourages unattended installation of externally sourced code at user scope, reducing friction for accidental or malicious package installation and hiding important review/consent checkpoints.

VirusTotal

66/66 vendors flagged this skill as clean.