Prompt Library Manager

Security checks across malware telemetry and agentic risk

Overview

This is a local prompt-template library whose file-backed storage is documented in the skill and which has no network or credential behavior; users should still avoid storing secrets in it and keep backups.

Install if you are comfortable storing reusable prompts locally and exporting them to files you choose. Do not save passwords, API keys, regulated data, or confidential customer content in templates. Keep a backup of important prompt libraries because deletes and overwrites are immediate.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • System Prompt Leakage: Direct Leakage, Indirect Extraction, Tool-Based Exfiltration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding
The skill advertises and documents file-backed storage in `memory/prompt-library.json` and supports import/export operations, but declares no permissions. This capability/permission mismatch means a reviewer or operator can approve the skill without seeing that it reads and writes local files, so the read/write behavior escapes operator review and the skill may be deployed with file access that nobody explicitly granted.
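One check a reviewer can automate for this finding is to compare what a skill's manifest declares against what its documentation implies it does. The following is an added example, not SkillSpector's or the skill's own code: it reads a manifest with a YAML-style front-matter block, collects any `permissions:` list declared there, scans the body for capability signals (a documented JSON storage path, import/export commands, clipboard use, network references) and reports capabilities that are used but not declared. The `permissions` field name, the capability names and the sample manifest are assumptions for illustration; real skill formats differ.

```python
"""Added example (not SkillSpector's or the skill's own code): a small lint
for the capability/permission mismatch described in the finding.
The `permissions:` front-matter field and the capability vocabulary are
hypothetical; adapt them to the manifest schema you actually use."""
import re

# Hypothetical capability vocabulary and textual signals that imply each one.
SIGNALS = {
    "fs:read": [r"\bimport\b", r"\bread\b", r"\bload\b", r"`[^`]*\.json`"],
    "fs:write": [r"\bexport\b", r"\bsave\b", r"\bdelete\b", r"\bwrite\b"],
    "clipboard": [r"\bclipboard\b", r"--copy\b"],
    "network": [r"\bhttps?://", r"\bfetch\b", r"\bupload\b", r"\bAPI call\b"],
}
FRONT_MATTER = re.compile(r"\A---\n(.*?)\n---\n(.*)\Z", re.S)


def split_manifest(text):
    """Return (front_matter_lines, body); body is the whole text if no front matter."""
    m = FRONT_MATTER.match(text)
    if not m:
        return [], text
    return m.group(1).splitlines(), m.group(2)


def declared_permissions(front_matter_lines):
    """Collect entries of a `permissions:` block written as `  - name` lines (assumed schema)."""
    perms, in_block = set(), False
    for line in front_matter_lines:
        if re.match(r"permissions:\s*$", line):
            in_block = True
            continue
        if in_block:
            item = re.match(r"\s+-\s*(\S+)", line)
            if item:
                perms.add(item.group(1))
            else:
                in_block = False
    return perms


def implied_capabilities(body):
    """Capabilities the documentation implies, each with the first line that triggered it."""
    found = {}
    for n, line in enumerate(body.splitlines(), 1):
        for cap, patterns in SIGNALS.items():
            if cap not in found and any(re.search(p, line, re.I) for p in patterns):
                found[cap] = (n, line.strip())
    return found


def lint(text):
    """Return capabilities the body implies but the front matter does not declare."""
    fm, body = split_manifest(text)
    declared = declared_permissions(fm)
    return {cap: ev for cap, ev in implied_capabilities(body).items() if cap not in declared}


# Constructed sample manifest modelled on the finding: file-backed storage and
# import/export are documented, but no permissions are declared.
SAMPLE = """---
name: prompt-library-manager
description: Save, find, and reuse prompt templates.
---
Prompts are stored in `memory/prompt-library.json`.
- `export` writes the library to a file you choose.
- `import` loads prompts from a JSON file.
- `--copy` copies the filled prompt to the clipboard.
"""

if __name__ == "__main__":
    for cap, (n, line) in lint(SAMPLE).items():
        print(f"undeclared {cap}: line {n}: {line}")
```

Run against the sample, the lint reports `fs:read`, `fs:write` and `clipboard` as undeclared and stays silent on `network`, which is the shape of the finding above; adding a `permissions:` block naming those three makes it pass. Treat the result as a prompt for human review, not a verdict: the signals are keyword heuristics and will miss behavior the documentation does not mention.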

Vague Triggers

Severity: Medium
Confidence: 86%
Finding
The manifest description contains broad activation phrases like 'find a prompt for' and 'manage prompts' that can overlap with ordinary conversation. This increases the chance the skill is invoked in unintended contexts, exposing stored prompt content or causing file operations when the user did not explicitly request prompt-library actions.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The delete command accepts a --confirm flag but does not enforce it, so prompt records can be deleted immediately with a single command and no safety check. In a prompt-management skill, this creates a real integrity and availability risk because users or calling agents can accidentally or programmatically remove stored prompt assets without any guardrail.
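The defect described in this finding is easy to reproduce and easy to fix. The following is an added example, not the skill's own code: a `delete` subcommand that parses `--confirm` but never reads it, beside a hardened version that refuses to act without the flag and snapshots the library file before the destructive write, which also addresses the overview's warning that deletes and overwrites are immediate. The library path, the record layout and the backup naming are assumptions for illustration.

```python
"""Added example (not the skill's own code): unenforced `--confirm` beside
an enforced variant with a pre-delete backup. The record layout
{"prompts": {"<name>": {...}}} and the backup naming are assumptions."""
import argparse
import json
import shutil
from datetime import datetime, timezone
from pathlib import Path

# Path as documented by the skill; everything else about the file is assumed.
LIBRARY = Path("memory/prompt-library.json")


def load(path: Path) -> dict:
    return json.loads(path.read_text()) if path.exists() else {"prompts": {}}


def save(path: Path, data: dict) -> None:
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(json.dumps(data, indent=2))


def delete_unsafe(path: Path, name: str, confirm: bool) -> bool:
    """The defect the finding describes: `confirm` is accepted but never checked."""
    data = load(path)
    if name not in data["prompts"]:
        return False
    del data["prompts"][name]  # immediate, no guard, no restore point
    save(path, data)
    return True


def delete_safe(path: Path, name: str, confirm: bool) -> bool:
    """Hardened: refuse without --confirm and snapshot the file before overwriting it."""
    if not confirm:
        raise SystemExit(f"refusing to delete {name!r}: pass --confirm to proceed")
    data = load(path)
    if name not in data["prompts"]:
        return False
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    backup = path.with_name(f"{path.stem}.{stamp}.bak.json")
    shutil.copy2(path, backup)  # restore point in case the delete was a mistake
    del data["prompts"][name]
    save(path, data)
    return True


def main(argv=None):
    parser = argparse.ArgumentParser(prog="prompt-library")
    sub = parser.add_subparsers(dest="cmd", required=True)
    d = sub.add_parser("delete", help="remove a stored prompt")
    d.add_argument("name")
    d.add_argument("--confirm", action="store_true", help="required; deletion is irreversible")
    d.add_argument("--library", type=Path, default=LIBRARY)
    args = parser.parse_args(argv)
    if args.cmd == "delete":
        return delete_safe(args.library, args.name, args.confirm)


if __name__ == "__main__":
    main()
```

The key difference is that the hardened command fails closed: an agent that forgets `--confirm` gets a non-zero exit and an unchanged file rather than a silent deletion, and the backup gives a human a way back when the flag was passed by mistake.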

Direct Prompt Extraction

Severity: High
Category: System Prompt Leakage
Content
- `--format text|json|markdown` — Output format
- `--compact` — Show names only

### `use` — Fill and Output Prompt
Retrieve a prompt and fill in variable placeholders:
- `--var KEY=VALUE` — Set template variables (repeatable)
- `--copy` — Copy filled prompt to clipboard
Confidence: 89%
Finding
Output Prompt

VirusTotal

64/64 vendors flagged this skill as clean.
