Prompt Optimizer

Security checks across malware telemetry and agentic risk

Overview

This prompt-optimization skill appears purpose-aligned, but it needs review because it uses broad activation language and appears to create persistent state and retrieve prompt libraries without clear user control.

Install only if you are comfortable with a prompt-rewriting skill that may activate from broad natural-language requests. Before using it on sensitive prompts, check where it stores state, whether it overwrites anything, whether persistence can be disabled, and whether any GitHub prompt libraries are pinned to trusted versions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence: 88%
Finding
The README explicitly states that commands can be expressed in any language and as natural intent, which creates a very broad and fuzzy activation boundary. In a prompt-rewriting skill, this increases the chance of unintended activation or attacker-crafted phrasing being interpreted as control commands, potentially changing engine mode, loading data, or altering behavior without a clear explicit trigger.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill explicitly describes automatically writing a persistent state file during startup/onboarding, but it does not require clear advance consent at the moment of modification. Silent or automatic local file writes can surprise users, overwrite existing data, and create privacy or integrity risks, especially in agent environments where file access may affect the broader workspace.

Missing User Warnings

Low
Confidence: 89%
Finding
The skill instructs users or the host workflow to retrieve prompt libraries from GitHub without an integrity, provenance, or privacy warning. Fetching remote content can expose network metadata, introduce supply-chain risk if the repository changes, and cause the skill to operate on untrusted downloaded data.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger phrase "Optimize this prompt" is broad enough to match many ordinary user requests, which can cause the skill to activate outside its intended narrow scope. In an agent environment, over-broad activation increases the chance that prompt-rewriting behavior intercepts unrelated tasks, potentially transforming user intent or mishandling sensitive instructions.

Vague Triggers

Medium
Confidence: 86%
Finding
The command reference uses ambiguous phrases like "Refine this user prompt" and "Analytical optimization" without strong scope boundaries, making it easier for the skill to be invoked on loosely related requests. This ambiguity can lead to unintended routing, where the skill rewrites content that should instead be handled by another safer or more specialized workflow.

Vague Triggers

Medium
Confidence: 89%
Finding
The activation phrase includes broad natural-language triggers such as "make this prompt better," which can match ordinary user requests and silently switch the assistant into optimizer mode. In coding assistants, overly permissive triggers can cause unsolicited instruction rewriting, altering workflows or reshaping sensitive prompts in ways the user did not clearly request.

VirusTotal

64/64 vendors flagged this skill as clean.