Spike Skill Orchestrator

Security checks across malware telemetry and agentic risk

Overview

This skill is a local skill-routing helper, but it persistently logs raw user task text to a fixed local file without clear user-facing consent, controls, or retention limits.

Install only if you are comfortable with a routing skill seeing broad task descriptions and writing them to a local history file. Avoid using it for prompts containing secrets, private business context, credentials, or personal data unless you first modify or disable the logging behavior and fix the hardcoded workspace path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 88%
Finding
The README advertises very broad trigger phrases such as asking what skill to use or whether there is a related skill, which can cause the orchestrator to activate in ordinary conversation rather than only in explicit routing scenarios. In a scheduler/orchestrator skill, overbroad activation is more dangerous because unintended invocation can influence downstream skill selection, expand the attack surface, and route user requests through unexpected chains.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill records raw task text plus proposed and accepted skills to a local JSONL log without any visible user notice, consent flow, retention limit, or sanitization guidance. Because user tasks can contain sensitive prompts, secrets, personal data, or business context, this creates a privacy and data exposure risk if logs are later accessed, exfiltrated, or retained indefinitely.

Missing User Warnings

Medium
Confidence: 89%
Finding
The script persistently logs task content and skill-selection decisions to a fixed user-local JSONL file without any consent check, minimization, or prior disclosure. Because `task` may contain sensitive user prompts or operational context, this creates an avoidable privacy and data-retention risk, especially in an orchestrator skill that may see broad cross-domain requests.

VirusTotal

VirusTotal findings are pending for this skill version.
