AI.MD

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent purpose, but it can read and rewrite persistent Claude instruction files and requires multi-model validation without a clear data-sharing consent boundary.

Install only if you are comfortable letting an agent inspect and rewrite your Claude instruction files. Before running it, remove secrets, credentials, private URLs, and sensitive operational details from CLAUDE.md/rules; require a diff before replacement; skip or explicitly approve any multi-model testing; and install from a pinned trusted revision rather than a mutable main-branch curl command.
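The preflight steps above (strip secrets, review a diff before replacing the file, refuse mutable install sources) as a runnable script. This is an added example for this page, not code from the AI.MD skill or from SkillSpector; the secret patterns, the sample CLAUDE.md contents and the install URLs are constructed and illustrative.

```python
"""Preflight checks before a rewriting skill touches CLAUDE.md.

Added example for this page; not code from the AI.MD skill or from
SkillSpector. Patterns, file contents and install URLs are constructed.
"""
import difflib
import re

# Secret-shaped content that should never reach a rewrite step or an
# external model. Illustrative, not exhaustive.
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "bearer_token": re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/-]{20,}=*"),
    "generic_api_key": re.compile(r"(?i)\b(api[_-]?key|token|secret)\s*[:=]\s*\S{12,}"),
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "internal_url": re.compile(r"https?://[\w.-]+\.(internal|corp|local)\b\S*"),
}

# Only a full 40-hex commit SHA counts as pinned; a branch name is mutable.
PINNED_RAW = re.compile(r"^https://raw\.githubusercontent\.com/[^/]+/[^/]+/[0-9a-f]{40}/")


def scan_for_secrets(text):
    """List (line_no, kind, line) for every line matching a secret pattern."""
    hits = []
    for no, line in enumerate(text.splitlines(), start=1):
        for kind, pat in SECRET_PATTERNS.items():
            if pat.search(line):
                hits.append((no, kind, line.strip()))
    return hits


def redact(text):
    """Copy of the file with matched secrets replaced by a placeholder."""
    for kind, pat in SECRET_PATTERNS.items():
        text = pat.sub(f"<REDACTED:{kind}>", text)
    return text


def review_diff(original, proposed, path="CLAUDE.md"):
    """Unified diff a human must read before the file is replaced."""
    return "".join(difflib.unified_diff(
        original.splitlines(keepends=True), proposed.splitlines(keepends=True),
        fromfile=f"{path} (current)", tofile=f"{path} (proposed)"))


def preflight(original, proposed):
    """Block the rewrite while secrets remain; otherwise return a diff for approval.

    Nothing is written here: the caller replaces the file only after a human
    approves the returned diff.
    """
    hits = scan_for_secrets(original)
    if hits:
        return {"ok": False, "reason": "secrets present in current file", "hits": hits, "diff": ""}
    return {"ok": True, "reason": "awaiting human approval", "hits": [],
            "diff": review_diff(original, proposed)}


def is_pinned_source(url):
    """True when an install URL references an immutable commit, not a branch."""
    return PINNED_RAW.match(url) is not None


# Constructed CLAUDE.md: one credential and one internal URL slipped in.
SAMPLE_CLAUDE_MD = """# Project rules
- Run the test suite before every commit.
- Deploy with token: ghp_exampleexampleexampleexample1234
- Staging API lives at https://api.staging.corp/v1
"""

if __name__ == "__main__":
    first = preflight(SAMPLE_CLAUDE_MD, SAMPLE_CLAUDE_MD)
    print("blocked:", not first["ok"], first["hits"])
    clean = redact(SAMPLE_CLAUDE_MD)
    second = preflight(clean, clean + "- Never run destructive git commands.\n")
    print(second["diff"])
    for url in ("https://raw.githubusercontent.com/org/repo/main/install.sh",
                "https://raw.githubusercontent.com/org/repo/"
                "0123456789abcdef0123456789abcdef01234567/install.sh"):
        print(url, "pinned" if is_pinned_source(url) else "MUTABLE, do not pipe to sh")
```

The scan runs on the file as it is on disk, before the skill reads it, because the findings below show the skill both copies `~/.claude` content and sends it to other models; redacting after the fact does not help. The diff is returned rather than applied so that approval stays with the user.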

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Severity: Medium
Confidence: 79%

Finding
The skill instructs the agent to run validation against multiple external LLMs, which expands data flow beyond local markdown transformation into third-party model interaction. If a user's CLAUDE.md contains proprietary instructions, secrets, internal URLs, or operational policy, the skill could cause unreviewed disclosure to external services and create unintended outbound actions beyond the declared scope.

Context-Inappropriate Capability

Severity: Medium
Confidence: 84%

Finding
The shell commands enumerate and copy files under ~/.claude, which gives the skill filesystem-read and write behavior beyond simple rewriting guidance. In a real agent environment, this could expose sensitive prompt files, rules, or embedded credentials, and it encourages direct modification of user state with insufficient confirmation boundaries.

Vague Triggers

Severity: Medium
Confidence: 92%

Finding
The phrases "壞了" ("it's broken"), "修到好" ("fix it until it works"), "確定嗎" ("are you sure?"), and especially "處理一下" ("handle it") map very short, common utterances to broad operational actions such as debugging, background fixing, proving claims, or proceeding without further confirmation. In a real agent workflow, this can cause the model to over-interpret ambiguous user input and take actions beyond the user's actual intent, increasing the risk of unintended changes or unsafe operations.

Ssd 3

Severity: Medium
Confidence: 87%

Finding
The instruction `profile: ~/.claude/ref/user-profile.md (update-on-learning)` directs the agent to persist learned user information across sessions. Without explicit data-minimization and sensitivity filtering, this can cause retention of personal, behavioral, or confidential information that later gets surfaced or reused outside the original task context.

Ssd 3

Severity: Medium
Confidence: 95%

Finding
The learning rules instruct the agent to record user preferences and one-time statements into persistent files like `user-profile.md` and `lessons.md`. This creates a real retention risk because sensitive or context-specific information may be written permanently and later exposed, especially when the rules encourage broad capture such as "told-once" and "never-ask-again."

Ssd 3

Severity: Medium
Confidence: 95%

Finding
The file instructs the agent to persist learned user preferences and prior interactions into reference files across sessions. This creates a data retention risk because sensitive personal information, mistaken inferences, or confidential task details may be stored indefinitely in natural language files and later surfaced to unrelated tasks or users.
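The three retention findings above describe the same gap: "told-once" learning rules write whatever the user said into `user-profile.md` and `lessons.md` with no sensitivity filter and no scope check. The following added example (not code from the AI.MD skill; `ProfileStore`, the category names, the patterns and the sample statements are constructed) shows a write path for such a memory file that persists only durable, low-sensitivity preferences, keeps task-scoped statements in session memory, and refuses personal or credential content outright.

```python
"""Data-minimisation gate for a persistent agent memory file.

Added example; not code from the AI.MD skill. ProfileStore is an in-memory
stand-in for user-profile.md. Category names, patterns and sample statements
are constructed.
"""
import re
from datetime import date

# What the profile may hold: durable working preferences only.
ALLOWED_CATEGORIES = {"language", "tooling", "style"}

# Content that must never land in a plain-text file that outlives the task.
PII_PATTERNS = [
    re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),            # e-mail address
    re.compile(r"\+?\d[\d\s().-]{7,}\d"),                 # phone number
    re.compile(r"(?i)\b(password|passwd|api key|token)\b"),
    re.compile(r"(?i)\b(ssn|passport|credit card)\b"),
]

# Wording that ties a statement to the current task rather than to the user.
TASK_SCOPED = re.compile(r"(?i)\b(this (ticket|pr|incident|customer)|today|tonight|for now)\b")


def classify(statement, category):
    """Return ('persist' | 'session-only' | 'reject', reason) for one learned fact."""
    if any(p.search(statement) for p in PII_PATTERNS):
        return "reject", "personal or credential content"
    if category not in ALLOWED_CATEGORIES:
        return "session-only", f"category {category!r} is not a durable preference"
    if TASK_SCOPED.search(statement):
        return "session-only", "statement is scoped to the current task"
    return "persist", "durable preference"


class ProfileStore:
    """Stand-in for user-profile.md; persisted entries carry category and date."""

    def __init__(self, today):
        self.today = today
        self.entries = []    # would be written to disk
        self.session = []    # discarded when the session ends
        self.rejected = []   # never stored; (statement, reason) kept for the audit log

    def learn(self, statement, category):
        decision, reason = classify(statement, category)
        if decision == "persist":
            self.entries.append({"text": statement, "category": category,
                                 "learned": self.today.isoformat()})
        elif decision == "session-only":
            self.session.append(statement)
        else:
            self.rejected.append((statement, reason))
        return decision

    def render(self):
        """Markdown body that would be written to user-profile.md."""
        lines = ["# user-profile"]
        for e in self.entries:
            lines.append(f"- [{e['category']}] {e['text']} (learned {e['learned']})")
        return "\n".join(lines) + "\n"


# Constructed statements of the kind a "told-once" rule would capture.
SAMPLE_STATEMENTS = [
    ("Reply in Traditional Chinese", "language"),
    ("Use pytest, not unittest", "tooling"),
    ("My e-mail is alice@example.com, use it for the report", "contact"),
    ("For now, skip the flaky integration tests on this PR", "tooling"),
    ("The staging DB password is in 1Password", "ops"),
]


def demo():
    store = ProfileStore(date(2024, 1, 1))
    for statement, category in SAMPLE_STATEMENTS:
        store.learn(statement, category)
    return store


if __name__ == "__main__":
    s = demo()
    print(s.render())
    print("session-only:", s.session)
    print("rejected:", s.rejected)
```

Recording the learned date per entry makes later expiry or review possible, which a flat "never-ask-again" file does not. The PII check runs before the category check so that a sensitive statement filed under an allowed category is still refused.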

VirusTotal

None of the 66 VirusTotal vendors flagged this skill as malicious. Antivirus engines look for known-malicious files and signatures, not for the instruction-level and data-flow risks listed in the findings above, so a clean result does not offset them.