Skill Publisher

Security checks across malware telemetry and agentic risk

Overview

This skill has a legitimate publishing purpose, but its publishing script appears to allow command injection and includes easy bypasses for validation and security checks.

Do not use this skill to publish untrusted or third-party skill directories until publish.sh is fixed to avoid eval and the bypass flags are removed or tightly gated. If installed, only run it on skill sources you fully control, review SKILL.md metadata before publishing, and avoid --skip-checks or --force except in isolated testing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill instructs the agent to execute multiple shell scripts (`scaffold.sh`, `validate.sh`, `security-scan.sh`, `publish.sh`) but does not declare corresponding permissions. Undeclared shell capability weakens review and policy enforcement because a caller may not realize the skill can run local commands that modify files or publish artifacts.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The script builds a shell command string from user-controlled values such as --slug, --version, --changelog, and data parsed from SKILL.md, then executes it with eval. Even though the values are wrapped in quotes, eval causes the shell to re-parse the constructed string, so command substitution or crafted quoting inside those inputs can lead to arbitrary command execution on the publisher's machine.

Intent-Code Divergence

Low
Confidence
88% confidence
Finding
The script advertises that publishing occurs after validation and security scanning, but the documented interface includes --skip-checks and --force paths that bypass those protections. In a skill-publishing context, this weakens trust in the pipeline and makes it easy to distribute unsafe or policy-violating skills without normal safeguards.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger description is very broad, covering nearly any request related to creating, packaging, or publishing agent capabilities. Overly broad activation criteria increase the chance the skill is invoked in unintended contexts, where it may scaffold files, run shell scripts, or initiate publishing without the user's precise intent.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The template leaves the skill activation description as a generic TODO and explicitly says the description determines when the skill gets activated. If published or reused without being tightened, it can produce vague or overly broad routing criteria, causing the skill to trigger in unintended contexts and execute packaging or publishing-related actions when not appropriate.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
  echo "  --slug <name>        Skill slug (required)"
  echo "  --version <x.y.z>    Version number (required)"
  echo "  --changelog <text>   Changelog message (optional)"
  echo "  --skip-checks        Skip validation and security scan"
  echo "  --force              Force publish even with warnings"
  echo ""
  echo "Example:"
Confidence
95% confidence
Finding
--skip-checks

Tool Parameter Abuse

High
Category
Tool Misuse
Content
      CHANGELOG="$2"
      shift 2
      ;;
    --skip-checks)
      SKIP_CHECKS=true
      shift
      ;;
Confidence
95% confidence
Finding
--skip-checks

Tool Parameter Abuse

High
Category
Tool Misuse
Content
  if ! bash "$SCRIPT_DIR/validate.sh" "$SKILL_DIR"; then
    echo ""
    echo "❌ Validation failed. Fix errors and try again."
    echo "   Or use --skip-checks to bypass (not recommended)"
    exit 1
  fi
  echo ""
Confidence
90% confidence
Finding
--skip-checks

VirusTotal

65/65 vendors flagged this skill as clean.