clawhub-skill-forge

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill for creating ClawHub skill scaffolds; its higher-risk items are disclosed as publishing or generated-skill guidance, not hidden runtime behavior.

Safe to install as a scaffold helper, but review any generated SKILL.md and _meta.json before publishing. Do not run the gh repo edit example until you have changed it to your own repository, and verify that generated descriptions truthfully match any credentials, APIs, background workers, and data flows in the generated skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Context-Inappropriate Capability

Medium (93% confidence)
Finding
The skill includes `gh repo edit` commands that modify repository metadata after publishing, which is outside its stated purpose of generating only `SKILL.md` and `_meta.json`. This expands the skill's operational scope into account-affecting GitHub actions and could cause unintended changes to user repositories if followed blindly.

Description-Behavior Mismatch

Medium (96% confidence)
Finding
The manifest claims 'No credentials or binaries required,' but the body requires external CLIs (`clawhub`, `gh`, PowerShell/pwsh) and account-specific identifiers like `ownerId`. This mismatch can mislead users and security reviewers about the skill's actual privileges, dependencies, and the external accounts it will interact with.

VirusTotal

64/64 vendors flagged this skill as clean.
