Project Narrator

Security checks across malware telemetry and agentic risk

Overview

This skill openly scans a chosen project to create and audit documentation, with privacy risks that users should manage before sharing the generated files.

Install only if you want an agent to inspect and summarize the selected repository. Review PROJECT-NARRATIVE.md and narrative-archive files before committing or sharing them, keep real secrets out of the narrative, consider git remotes and credential-location references sensitive, and use --check-urls only when you are comfortable contacting every URL in the document.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill instructs the agent to read and write project files, invoke local scripts, run shell commands, and potentially perform network-related actions, but it does not declare any permissions or safety boundaries. This increases the risk of overbroad execution and user surprise, especially because generate/update/archive workflows can modify the workspace and inspect sensitive project metadata.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The optional `check_urls` feature performs outbound HTTP requests to every URL found in the narrative, which expands a local documentation-audit tool into a networked scanner. In this skill context, narratives may contain internal, sensitive, or attacker-supplied links, so enabling this option can leak network metadata, trigger requests to internal services, or violate offline/least-privilege expectations.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README explicitly promotes scanning the entire workspace and generating a comprehensive project narrative, but it does not warn that sensitive internal content may be copied into a consolidated document. In this skill's context, that omission is meaningful because the generated artifact is intended to be widely reusable for disaster recovery and handoff, increasing the chance that proprietary code structure, internal endpoints, operational details, and secret-adjacent metadata are exposed more broadly than intended.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases are broad natural-language terms such as "fresh eyes," "project health check," and "documentation audit," which could activate the skill during ordinary conversation without clear user intent. Because the skill can scan repositories, run scripts, and modify or archive files, overly broad invocation increases the chance of unintended execution in sensitive workspaces.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill directs generation of PROJECT-NARRATIVE.md and archival of prior versions but does not prominently warn that it will write new files and preserve historical copies. In practice this can alter repository state, leak project metadata into tracked documentation, and create persistent archives containing sensitive architectural details.

Missing User Warnings

Medium
Confidence
74% confidence
Finding
The script automatically gathers repository metadata and writes it into PROJECT-NARRATIVE.md without an explicit warning or consent gate. In the context of a documentation generator, this increases the chance that internal git remote URLs, branch names, and commit messages are unintentionally embedded into a document that may later be committed, published, or shared.

Session Persistence

Medium
Category
Rogue Agent
Content
6. Flag sections that likely need manual review based on what changed
7. Update the "Last updated" date

**The agent should not blindly rewrite sections** — flag what changed and let the user decide how to update the narrative prose.

### `narrator report`
Confidence
80% confidence
Finding
write sections** — flag what changed and let the user decide how to update the narrative prose. ### `narrator report` Generate a health report without modifying anything. **Workflow:** 1. Run the

VirusTotal

63/63 vendors flagged this skill as clean.
