AI运行时观测系统 (AI Runtime Observability System)

Security checks across malware telemetry and agentic risk

Overview

This non-executable debugging skill is not malware, but it asks to expose broad internal runtime context and reasoning without enough scoping or redaction.

Install only in a controlled developer or admin debugging environment. Do not use it on workflows containing credentials, private user data, protected prompts, or sensitive tool outputs unless the host platform enforces redaction, authorization, and high-level summaries instead of raw internal traces.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • System Prompt Leakage: Direct Leakage, Indirect Extraction, Tool-Based Exfiltration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The skill claims it only observes and does not participate in decision-making, but later instructs it to perform arbitration and declare winners in conflicts. That creates role drift from passive observability into active adjudication, which can influence orchestration behavior and operator trust even if framed as reporting. In a debugging/observability skill, this is dangerous because diagnostic output may be treated as authoritative and alter downstream decisions.

Ssd 3

Medium
Confidence: 95%
Finding
The skill requires reading full `trace_logs`, `previous_output`, and `data_envelope`, then describes a global append model for runtime logs. This creates a clear data minimization and leakage risk: sensitive prompts, prior outputs, internal metadata, or user data may be retained and propagated across components beyond what is necessary for debugging. Observability skills are especially risky because they centralize high-value context in one place.

Ssd 3

Medium
Confidence: 97%
Finding
The skill’s final goal explicitly directs it to expose internal thinking, self-critique, agent generation, and runtime decision processes to the user. That can disclose sensitive internal reasoning, hidden system prompts, security logic, user-derived confidential context, or chain-of-thought-like material that should remain internal. In an observability skill, this materially increases the risk of prompt leakage and privacy violations.

VirusTotal

65/65 vendors flagged this skill as clean.