造(build)-skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed skill-building assistant with local/web comparison and helper scripts that fit its stated purpose.

Install this if you want an agent to help design and package skills. Before opting into its search step, be aware it may read local installed skill metadata and fetch third-party SKILL.md files from the web; review imported references as untrusted content, and check package contents before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The skill instructs the agent to search local repositories and online platforms for similar skills, which introduces external network access and broader data exposure beyond a basic skill-authoring workflow. That can leak prompts, project context, or proprietary workflow details to third-party services and creates unnecessary outbound activity.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The skill directs execution of bundled Python scripts such as validation and packaging tools, adding code-execution capability that is stronger than simple documentation guidance. If those scripts are modified, malicious, or insufficiently scoped, the agent could run arbitrary code, touch unexpected files, or package sensitive material.

Vague Triggers

Medium
Confidence: 84%
Finding
The manifest description uses very broad triggers like create, write, edit, improve, review, or package a skill, plus turning a new capability into a skill. Overbroad activation criteria can cause this skill to trigger in many unrelated contexts, increasing the chance that it overrides more appropriate skills and performs file reads, validation, searches, or packaging unexpectedly.

Vague Triggers

Medium
Confidence: 88%
Finding
The guidance encourages authors to write trigger descriptions broadly, including activating even when users do not explicitly ask for the named capability. That pattern promotes accidental or over-eager activation in downstream skills, which can magnify privileges or side effects across many unrelated conversations.

Vague Triggers

Medium
Confidence: 88%
Finding
The activation condition for Part 1 is broad and vague: 'Load when Phase 1 Step 1 in purpose of fully understand the user's intent and workflow' does not define concrete triggers or boundaries. In an agent skill, ambiguous load criteria can cause the skill to activate in unintended contexts, leading to over-collection of information, workflow drift, or incorrect orchestration decisions.

Vague Triggers

Medium
Confidence: 90%
Finding
The Part 2 trigger, 'Load when Phase 1 Step 2 user chooses "Enhance"', is underspecified because it relies on an internal phase label without defining how the agent should reliably detect that state from user input or workflow context. This can cause the enhancement path to run too broadly whenever a user mentions improving or enhancing something, potentially applying the wrong design flow and producing unsafe or irrelevant modifications.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill instructs the agent to perform web searches, fetch full remote SKILL.md files, and copy their contents into the local ref-skills/ workspace without requiring explicit user confirmation, trust checks, or sanitization. Because SKILL.md files are themselves instruction-bearing artifacts, this creates a prompt-injection and untrusted-content ingestion path that can contaminate later phases, especially when those copied files are later summarized, compared, or used as templates.

VirusTotal

65/65 vendors flagged this skill as clean.