ClawHub

Piv

Security checks across malware telemetry and agentic risk

Overview

This is a development workflow skill that can edit, test, research, spawn helper agents, and commit code, so it is coherent but should only be run in repositories you trust.

Install only if you want an agent to actively modify a repository. Run it from the intended project, keep a clean git state or backup first, review generated PRDs/PRPs, treat PRP-specified commands as trusted input, and approve external research, shell commands, and git commits deliberately.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
Findings (9)

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The skill explicitly authorizes "research (web search, codebase scan)" during discovery, which expands behavior beyond the manifest's stated local orchestration/development purpose into external data retrieval. That broadens the trust boundary and can cause unexpected network access, exposure of project context to external services, or user surprise about where information is being sourced from.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The description is broad enough to match ordinary software-development requests, not just deliberate use of a PIV orchestrator. Overbroad triggering can cause the skill to activate in contexts where users did not intend automated orchestration, file creation, or multi-agent execution, increasing the chance of unintended actions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
These instructions direct the orchestrator to run setup and generate a PRD file, which are filesystem-modifying actions, without an upfront user-facing warning in the skill description. A user invoking what appears to be an orchestration/planning skill may not expect automatic directory creation and file writes, creating risk of unintended repository changes.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The project setup section performs concrete write operations such as mkdir and file copying/creation, yet the skill metadata does not clearly warn users that invocation can modify the filesystem. This can lead to silent workspace changes, accidental pollution of unrelated repositories, or execution in the wrong path.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The workflow includes automatic git status/diff inspection followed by creation of a semantic commit, but the skill description does not clearly warn that it may alter git history. Automatic commits are higher impact than ordinary file writes because they permanently record changes, may include unintended files, and can disrupt the user's normal review/commit process.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The skill instructs writing output directly to a user-controlled path via `$ARGUMENTS` with a default file, but it does not warn about overwriting existing files or require confirmation before modification. In an agentic workflow orchestrator, this increases the chance of unintended file clobbering, especially if the argument resolves to an important repository file or a sensitive path.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly directs the agent to use shell/command execution, GitHub CLI, web search, and to run validation commands from the PRP without requiring user confirmation, trust boundaries, or command allowlisting. Because the PRP file and surrounding repository content are treated as trusted inputs, an attacker could embed dangerous commands in the referenced PRP or validation steps, leading to unintended command execution, data exfiltration, or destructive local actions.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill instructs the agent to automatically create directories and write a PRD file into the workspace as part of discovery, but it does not require explicit user confirmation or a user-facing warning before modifying files. In an agent setting, silent workspace mutation can lead to unintended changes, repository pollution, or writes in an incorrect project path, especially when discovery is triggered from a vague initial request.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly directs the agent to use read, write, edit, and exec tools to modify the project and run commands, but it does not include any user-facing warning, confirmation requirement, or scope restriction around those impactful actions. In an agent setting, this increases the risk of unintended file changes, destructive command execution, or execution of unsafe PRP-specified validation commands, especially because the PRP input is treated as fresh context and may itself be adversarial or incorrect.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal