Better Readme

Security checks across malware telemetry and agentic risk

Overview

The scan found no malicious behaviour in this README-writing skill, and its behaviour appears aligned with its stated purpose. It does, however, write files, so users should review every file change before accepting generated documentation.

Before installing or using it, ask the agent to show a diff of the proposed README and to wait for confirmation before overwriting any existing README file. Run it only against documentation-relevant project files, and only on a clean working tree so that unwanted changes are easy to spot and revert. Take particular care if the repository contains secrets, internal notes, or a policy that requires single-language documentation.
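The checks recommended above can be enforced outside the agent rather than trusted to the prompt. The following Python helpers are an added example written for this page; they are not part of the Better Readme skill or the SkillSpector scanner. They (1) restrict the files a documentation scan may read, withholding anything that matches assumed secret-like name patterns, (2) report whether the git working tree is clean, and (3) never overwrite a README directly: the generated content goes to a `.proposed` file (an assumed naming convention), a unified diff is returned for review, and the original is replaced only if a caller-supplied confirmation callback accepts the diff.

```python
"""Guard rails for agent-generated README files.

Added example for this page; not code from the Better Readme skill.
Assumptions: the sensitive-name patterns, the allowed file suffixes and
the "<name>.proposed" staging convention are all choices made here.
"""
from __future__ import annotations

import difflib
import fnmatch
import os
import subprocess
from pathlib import Path
from typing import Callable, Iterable

# Assumed patterns: files a documentation scan should never read or quote.
SENSITIVE_PATTERNS = (
    ".env*", "*.env", "*.pem", "*.key", "*.p12", "id_rsa*",
    "*secret*", "*credential*", "*token*",
)

# Assumed allow-list of suffixes that are plausibly relevant to a README.
DOC_SUFFIXES = (".md", ".rst", ".txt", ".py", ".toml", ".json", ".yaml", ".yml")


def is_sensitive(relpath: str) -> bool:
    """True if the file name or relative path matches a secret-like pattern."""
    name = os.path.basename(relpath)
    return any(fnmatch.fnmatch(name, p) or fnmatch.fnmatch(relpath, p)
               for p in SENSITIVE_PATTERNS)


def scan_scope(root: Path, suffixes: Iterable[str] = DOC_SUFFIXES) -> tuple[list[str], list[str]]:
    """Split the tree into (files the agent may read, files withheld).

    Withheld means: matches a sensitive pattern, or has a suffix outside
    the allow-list. Paths are relative to root, POSIX style, sorted.
    """
    allowed, withheld = [], []
    for p in sorted(root.rglob("*")):
        if not p.is_file() or ".git" in p.parts:
            continue
        rel = p.relative_to(root).as_posix()
        if is_sensitive(rel) or p.suffix not in tuple(suffixes):
            withheld.append(rel)
        else:
            allowed.append(rel)
    return allowed, withheld


def working_tree_clean(root: Path) -> bool:
    """True only if git reports no modified or untracked files.

    Conservative: a directory that is not a git repository, or a machine
    without git, is reported as not clean.
    """
    try:
        out = subprocess.run(["git", "-C", str(root), "status", "--porcelain"],
                             capture_output=True, text=True, check=True)
    except (OSError, subprocess.CalledProcessError):
        return False
    return out.stdout.strip() == ""


def readme_diff(existing: str, generated: str, path: str = "README.md") -> str:
    """Unified diff between the current file content and the generated one."""
    return "".join(difflib.unified_diff(
        existing.splitlines(keepends=True), generated.splitlines(keepends=True),
        fromfile=f"a/{path}", tofile=f"b/{path}"))


def _never(_diff: str) -> bool:
    """Default confirmation: refuse to overwrite unless the caller opts in."""
    return False


def propose_readme(root: Path, generated: str, filename: str = "README.md",
                   confirm: Callable[[str], bool] = _never) -> str:
    """Stage a generated README and return the diff for review.

    The original file is replaced only if confirm(diff) returns True;
    otherwise the proposal is left in "<filename>.proposed" and the
    original is untouched. An empty string means there is nothing to change.
    """
    target = root / filename
    existing = target.read_text(encoding="utf-8") if target.exists() else ""
    diff = readme_diff(existing, generated, filename)
    if not diff:
        return ""
    proposal = root / (filename + ".proposed")
    proposal.write_text(generated, encoding="utf-8")
    if confirm(diff):
        target.write_text(generated, encoding="utf-8")
        proposal.unlink()
    return diff


if __name__ == "__main__":
    import tempfile
    # Constructed sample repository: one README, one source file, one secret.
    repo = Path(tempfile.mkdtemp())
    (repo / "README.md").write_text("# Old title\n", encoding="utf-8")
    (repo / "app.py").write_text("print('hi')\n", encoding="utf-8")
    (repo / ".env").write_text("API_TOKEN=redacted\n", encoding="utf-8")
    print("clean tree:", working_tree_clean(repo))
    print("scan scope:", scan_scope(repo))
    print(propose_readme(repo, "# New title\n\nGenerated text.\n"))
```

Wire `confirm` to an interactive prompt (or to a CI check that rejects diffs touching files the user did not name) to get the "preview a diff and confirm" behaviour the overview asks for; the default callback guarantees that forgetting to do so fails safe.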

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Severity: Medium (93% confidence)
Finding
The phrase "Check my README" is a broad natural-language trigger that can plausibly appear in ordinary conversation, causing the skill to activate when a user did not explicitly request this specific tool. In an agent ecosystem, unintended invocation can lead to unnecessary repository scanning, file generation, or workflow execution beyond the user's precise intent.

Vague Triggers

Severity: Medium (95% confidence)
Finding
The example triggers (for example, "Write a README for this project" and "Score my README") are generic requests that many assistants could interpret in multiple ways, increasing the chance this skill is auto-selected without strong user intent. Because the documented workflow includes codebase scanning and generating bilingual README files, an overly broad trigger surface can cause overreach relative to what the user expected.

Missing User Warnings

Severity: Medium (80% confidence)
Finding
The README explicitly says the agent will scan the project, fill templates, and generate README files, but it does not warn that existing README content may be overwritten or modified. In an agent-skill context, unclear disclosure around automatic file modification can lead to unintended destructive changes, especially when users invoke the skill with casual prompts and may not expect write actions.

Missing User Warnings

Severity: Low (74% confidence)
Finding
The README states that the agent scans the codebase to obtain 'real data' but does not disclose the scope of repository access or advise users about reviewing sensitive files. For a documentation skill, repository-wide scanning is contextually plausible, but the lack of transparency can still expose secrets, internal notes, or unrelated files to the agent unnecessarily.

Missing User Warnings

Severity: Medium (88% confidence)
Finding
The skill instructs generating README.md and README.zh-CN.md content without warning that existing documentation files may be overwritten. In a real repository, this can cause loss of curated documentation, accidental replacement of hand-written content, or noisy changes that get committed unintentionally.

Natural-Language Policy Violations

Severity: Medium (83% confidence)
Finding
Mandating bilingual output with Chinese regardless of user preference can introduce unauthorized content changes, larger diffs, and repository policy violations for projects that require single-language documentation. While not a classic security exploit, it is a policy and integrity risk because it causes unexpected modification scope beyond the user’s likely request.

Vague Triggers

Severity: Medium (89% confidence)
Finding
The Agent Skill README template encourages extremely generic trigger phrases and context matches without any guidance to constrain them. In agent ecosystems, overly broad triggers can cause accidental activation in unrelated contexts, increasing the chance that the wrong skill handles user input and performs unintended actions or exposes sensitive context.

VirusTotal

61/61 vendors reported this skill as clean (no detections). Note that an antivirus verdict on the skill's files says nothing about the prompt-level issues listed above: broad triggers, undisclosed file overwrites and repository-wide scanning are not things a malware scanner looks for.