Lambda Lang

Security checks across malware telemetry and agentic risk

Overview

Lambda Lang is a disclosed agent-to-agent language and parser skill; its main risks are readability and trusting external vocabularies, not hidden system access.

Reasonable to install for Lambda language parsing and reference use. Keep human-facing output in natural language unless Lambda is requested, decode Lambda messages before acting on them, and only load or accept external vocabularies from trusted, reviewed sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The spec explicitly allows loading an external vocabulary file from a remote location into an active conversation. In an agent skill context, this creates a supply-chain and prompt-injection surface because untrusted remote content can redefine terms, alter semantics, or introduce adversarial instructions that downstream agents may treat as authoritative.

Context-Inappropriate Capability

Medium
Confidence: 87%
Finding
The external vocabulary loading feature is broader than necessary for a shared language specification and expands the trust boundary without clear constraints. Because agents may consume these vocabularies during communication, an attacker could use a crafted external registry to manipulate interpretation, cause unsafe tool use, or create inconsistent meanings across agents.

Natural-Language Policy Violations

Medium
Confidence: 78%
Finding
The skill strongly frames Lambda as a native machine language and says it should be used whenever both sides 'speak Λ', without offering a user-controlled fallback to natural language. In an agent setting, this can reduce transparency, make actions harder for users to audit, and enable hidden or less interpretable agent-to-agent exchanges, especially given the explicit A2A, evolution, routing, and broadcast semantics.

Vague Triggers

Medium
Confidence: 87%
Finding
The spec creates ambiguous parsing boundaries by saying the core domain is always active while also allowing extended vocabulary and namespace switching, but it does not define strict trigger conditions for when symbolic tokens should be interpreted versus treated as literal text. In an agent-to-agent language, that ambiguity can cause unintended command interpretation, inconsistent behavior across implementations, and opportunities for prompt or protocol injection through crafted text that is accidentally parsed as active syntax.

Vague Triggers

Medium
Confidence: 91%
Finding
The default behavior is underspecified because it permits core atoms and extended vocabulary even without a namespace declaration, but does not define scope, activation triggers, or opt-out conditions. That makes it easier for attacker-controlled content to be misread as executable protocol syntax, especially in systems that ingest mixed text and symbolic messages, leading to accidental action routing or semantic confusion between agents.

VirusTotal

66/66 vendors flagged this skill as clean.
