Skill Forge

Security checks across malware telemetry and agentic risk

Overview

Skill Forge is a legitimate-looking automation skill, but it gives an agent broad ability to discover, clone, package, publish, and publicly announce skills without clear scoping or confirmation gates.

Install only if you are comfortable running a broad automation pipeline. Use a sandbox or disposable workspace, review the linked implementation before running pnpm pipeline, provide only scoped/test credentials, and require manual review before any ClawHub publish or X/Twitter post.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly states it can automatically generate and publish posts to X/Twitter, but the description does not present a prominent user warning, consent requirement, or clear indication that external posting may occur. In an agentic automation context, this is dangerous because users may enable the skill expecting discovery/integration features while unintentionally granting it the ability to perform public actions on their behalf, causing reputational harm, spam, or unauthorized disclosure.

VirusTotal

66/66 vendors flagged this skill as clean.
