Vague Triggers
Medium
- Confidence
- 93% confidence
- Finding
- 触发词“更新技能”非常宽泛,容易与普通对话中的维护建议或咨询语句重叠,从而误触发该技能。一旦误触发,技能按设计会检查本地技能、执行同步甚至发布相关操作,可能在未获得明确用户授权的情况下引发状态变更。
Yq Skill Sync
Security checks across malware telemetry and agentic risk
Overview
This skill is transparent about syncing skills, but it gives itself broad automatic authority to read a token, update local skills, and sync or publish workspace content without clear confirmation boundaries.
Install only if you intend to grant this skill broad authority over your ClawHub skills workspace and account sync flow. Before use, narrow the trigger phrases, disable the cron by default, and require an explicit confirmation or dry-run report before any update, sync, or publish action.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)
Vague Triggers
Medium
- Confidence
- 91% confidence
- Finding
- 触发词“同步技能”语义模糊,未限定同步对象、范围和动作类型,可能把仅查询状态的用户意图误解释为执行实际同步。结合该技能的核心逻辑包含 `clawhub sync --workdir /workspace`,误触发会直接带来本地与线上内容变更风险。
Missing User Warnings
Medium
- Confidence
- 95% confidence
- Finding
- 技能描述强调“自动检测 + 更新”与批量 `clawhub sync`,但没有清楚警示这会修改 `/workspace/skills` 的本地内容并触发线上同步/发布行为。缺乏透明提示和确认机制会让用户在不知情的情况下触发高影响写操作,尤其该技能还支持定时执行,扩大了意外变更的概率与影响范围。
VirusTotal
64/64 vendors flagged this skill as clean.