S³ Malware Analyst

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only defensive malware-analysis skill, with risky sample-execution guidance that is disclosed and purpose-aligned but should only be followed in an isolated lab.

Install this only for defensive malware-analysis work. Do not run samples on a normal workstation or production network; use a disposable isolated VM or sandbox, snapshots, controlled or simulated networking, no shared sensitive files or credentials, and only analyze samples you are authorized to handle.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium
Confidence: 84%
Finding
The instruction to use the skill 'PROACTIVELY' for broad malware triage, threat hunting, incident response, or security research increases the chance that an agent invokes it in situations without sufficient user intent verification or safety gating. In a sensitive domain involving malware handling, overbroad automatic activation can expose users to risky guidance, including analysis steps that may involve interacting with live malicious samples.

Missing User Warnings

High
Confidence: 95%
Finding
The dynamic-analysis section provides step-by-step instructions to execute a malware sample but omits explicit warnings about containment, legal authorization, host-only networking, snapshotting, and the risk of infection or unintended outbound communication. In a malware-analysis skill, this omission is dangerous because users may follow the instructions in inadequately isolated environments, causing compromise of their systems or accidental spread/network contact.

VirusTotal

65/65 vendors flagged this skill as clean.
