Back to skill

Security audit

Clawhub Publisher

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate ClawHub publishing helper, but it asks users to install unreviewed external tooling and give it credentials that can publish, roll back, or alter access to live skills.

Install only if you trust the publisher and the external npm/PyPI package. Use a least-privilege ClawHub token, start with validation or dry-run mode, review exactly which files and versions will be published, and require explicit human approval before publish, batch publish, rollback, CI deployment, README rewriting, or team-access changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The README documents automatic README modification to inject a Gumroad link, but does not clearly warn users that local project files will be edited as part of publishing. This can lead to unintended content changes, supply-chain risk in CI/CD workflows, and accidental publication of modified documentation that the user did not explicitly review.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The rollback feature is presented without warning that it may replace a currently deployed version or restore older content, which could disrupt users or reintroduce previously fixed issues. In a publishing tool tied to deployment workflows, underdocumented rollback behavior can cause accidental destructive changes in production environments.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This skill explicitly performs publishing and deployment actions that can change remote state, but the description and surrounding user-facing text do not warn that invoking it may create releases, push updates, or modify external platform state. In a publishing/CI-CD context, missing consent and safety warnings increases the risk of accidental production changes, unintended releases, and misuse in automated workflows.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.