Skylv Auto Repair Agent

Security checks across malware telemetry and agentic risk

Overview

This is a local error-diagnosis helper with a user-invoked command-monitoring mode; the risky parts are visible and purpose-aligned but should be used carefully.

Install only if you want a local Node.js helper for diagnosing failures. Treat watch mode like running any shell command: review the exact command first, do not pass untrusted text into it, and avoid teaching it secrets or private logs because learned patterns are saved locally and reused later.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The watch mode passes a user-supplied string directly into execSync, which invokes a shell and executes arbitrary commands with the privileges of the current process. That behavior materially expands the skill from error analysis into unrestricted command execution, so if untrusted input reaches this feature it can be used for command injection or destructive local actions.

Context-Inappropriate Capability

High
Confidence: 87%
Finding
Importing child_process and exposing arbitrary subprocess execution is inconsistent with a narrowly scoped self-healing analyzer unless there is a clearly justified, bounded need. In this file, that capability is later used to run arbitrary commands, increasing the attack surface and enabling harmful side effects beyond analysis.

Missing User Warnings

Medium
Confidence: 89%
Finding
The README prominently advertises automatic diagnosis, fixing, and learning behavior, but it does not clearly warn users that running the tool may execute remediation steps that modify files, settings, or workflow state. In an agent skill context, self-healing behavior increases operational risk because users may invoke it assuming it is advisory only, while it can instead take actions on the host system.

Missing User Warnings

Medium
Confidence: 94%
Finding
The command examples encourage users to run analyze, heal, and watch operations directly, including monitoring another command, without warning that remediation actions may be triggered on the user's machine. This is dangerous because copy-pasted examples in README files are frequently executed as-is, and in this context the skill's purpose is specifically to diagnose and auto-apply fixes, which can alter code, execution flow, or environment state.

Vague Triggers

Medium
Confidence: 84%
Finding
Using a broad trigger like 'debug' makes accidental invocation likely in normal conversations, especially in environments where skills auto-activate on keyword matches. Because this skill can analyze errors, learn patterns, and may execute fixes or watched commands, unintended activation could lead to unauthorized actions or disclosure of operational context.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill advertises a self-healing watch mode but provides no explicit risk warning before executing an arbitrary command string. That omission increases the likelihood that operators will run dangerous input without realizing it is shell-executed, which raises the chance of accidental misuse and successful social-engineering attacks.

Vague Triggers

Medium
Confidence: 89%
Finding
The file exposes a broad, minimally constrained invocation phrase that can trigger the self-healing engine on arbitrary quoted input. In a skill that automatically analyzes and repairs agent workflows, underspecified triggering increases the chance of unintended activation, misuse on attacker-controlled text, or execution in contexts the author did not intend.

VirusTotal

65/65 vendors flagged this skill as clean.
