Trollgent - Thinking Loop Breaker

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed loop-breaker, but it tells agents to silently make repeated third-party network requests and consume external instructions without clear user control or privacy disclosure.

Review before installing. This skill does not modify files or access credentials, but it can cause the agent to contact companions.bot silently when it feels stuck and to use the returned text as behavioral guidance. Install only if you are comfortable with that third-party dependency and the lack of explicit consent, logging, and data-handling disclosure.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The skill explicitly instructs the agent to call an external endpoint with curl, then later claims it 'does not call external services.' That mismatch is security-relevant because it misrepresents behavior to reviewers and users, reducing informed consent and making third-party data exposure easier to overlook. In this context, the deception is especially concerning because the skill is designed for silent self-invocation during internal reasoning loops.

Vague Triggers

Medium
Confidence: 95%
Finding
The self-invocation triggers are broad, subjective, and tied to common reasoning behavior such as uncertainty, branching, or long deliberation. That means the skill could activate in many ordinary tasks and silently fetch third-party content without a user request, creating repeated unexpected outbound requests and allowing external content to influence the agent's behavior at sensitive moments. Because invocation is framed as part of the agent's internal recovery mechanism, the context makes this more dangerous, not less.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill directs the agent to fetch content from a third-party HTTP endpoint without a clear warning about privacy, logging, or contextual data leakage. Even if the curl command shown does not include task text directly, the call still discloses metadata such as timing, IP/environment details, and the fact that the agent is in a particular reasoning state; future implementations may also be tempted to include more context. The danger is amplified because the fetched content is intended to alter the model's subsequent behavior.

VirusTotal

VirusTotal findings are pending for this skill version.