Skill Designer

Security checks across malware telemetry and agentic risk

Overview

This skill helps create OpenClaw skill packages and only writes a bounded local output package after confirmation; it does not auto-install anything or request secrets.

Install this only if you want an agent to help design new OpenClaw skills. Expect it to create files under output/<skill-id>/ after confirmation. Review the generated SKILL.md/README and any optional scripts before using them, and do not let it overwrite an existing output folder without checking the contents first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The skill says it is only a design advisor and will not modify the environment, but later instructs writing generated files into `output/<skill-id>/`. That contradiction can cause the agent to perform local file writes despite the stated safety boundary, surprising users and enabling unintended persistence of generated artifacts.

Intent-Code Divergence

Medium
Confidence: 88%
Finding
The document mixes a strong non-operation promise with operational instructions to create files in a working directory. This intent-level mismatch weakens safety guarantees and may cause downstream agents or users to trust the skill as non-mutating when it actually changes local state.

Vague Triggers

Medium
Confidence: 80%
Finding
The trigger phrases are broad and include common conversational requests like '加一个能力' or '做一个技能', which can overlap with normal discussion. This increases the chance of accidental activation, causing the skill to take over conversations and potentially initiate file-generation behavior without clear user intent.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill instructs writing generated files into a working directory but does not clearly warn that files may be created or overwritten. In practice, this can lead to silent local state changes, clobbered prior outputs, or accumulation of persistent artifacts that the user did not expect.

VirusTotal

64/64 vendors flagged this skill as clean.
