ClawHub

Skylv Capability Growth

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent capability-growth reporting skill, but users should scope and redact sensitive logs before using it.

Install only if you want an agent to analyze capability-growth evidence. Before use, choose a narrow directory or file set, redact secrets and personal data from logs and exports, and confirm that the agent should generate a report before it reads conversation history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly encourages analysis of session logs, daily notes, and conversation exports, which commonly contain credentials, personal data, or confidential business information, but provides no privacy warning, minimization guidance, or handling safeguards. In a capability-tracking skill, this increases the chance that users ingest sensitive data into reports or downstream tooling without understanding the exposure risk.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger keyword list is very broad and includes generic terms such as "growth," "improvement," "performance," and "metrics," which could cause the skill to activate in many unrelated contexts. Because this skill analyzes directories of session logs, unintended invocation may expose sensitive logs or steer the agent into unnecessary file analysis without clear user intent.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The manifest trigger phrase "capability growth" is ambiguous enough to match general discussions about improvement rather than a clear request to analyze logs. In this skill's context, accidental activation is more concerning because the documented behavior involves scanning directories and processing potentially sensitive session history.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal