ClawHub

Shike Darwin Optimizer

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed skill-quality optimizer that can edit and commit changes to skill files, but its high-impact behavior is purpose-aligned and includes user checkpoints and rollback guidance.

Install only if you want an agent to evaluate and modify local skill files. Use explicit targets when possible, review the proposed scope and diffs before allowing edits, and expect git commits/reverts plus local results files. For stricter privacy, remove or block remote font loading in the static assets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Low
Confidence
95% confidence
Finding
The SVG imports a Google Fonts stylesheet from an external domain, which causes network access when the banner is rendered. In a local skill/package context this can leak usage metadata, create unwanted third-party dependencies, and slightly expand the attack surface if remote content changes or is blocked.

Context-Inappropriate Capability

Low
Confidence
94% confidence
Finding
The SVG imports a remote Google Fonts stylesheet, which causes a network request when the banner is rendered in environments that permit external fetches. While this is not code execution, it introduces unnecessary third-party dependency, metadata leakage, and tracking surface unrelated to the banner's core function.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The README advertises generic invocation phrases like “optimize all skills” or “optimize some skill,” which are broad enough to trigger repository-wide autonomous modification behavior without clear scope, confirmation, or safeguards. In the context of a skill that edits SKILL.md files, runs iterative optimization, and uses git ratcheting, this increases the chance of unintended mass changes or misuse from ambiguous user prompts.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The manifest description includes very broad trigger phrases such as generic requests to optimize or evaluate skills, which can cause the skill to activate for ordinary user requests beyond its intended scope. In this skill, that broad activation is more concerning because the workflow explicitly proposes autonomous editing, git operations, and iterative optimization, so accidental invocation could lead to unintended modification-oriented behavior.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The usage examples use broad natural-language requests like optimizing all skills or evaluating all skills without strong scope boundaries. That increases the chance the system interprets ordinary high-level requests as authorization to launch wide-reaching evaluation or modification workflows, especially since this skill describes batch scanning, test generation, and git-based changes.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal