Find Skills Tianjin

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it can steer broad help requests into persistent global installation of third-party skills while skipping installer confirmations.

Review the exact skill source and publisher before installing anything this skill finds. Prefer search-only use first, avoid skipped confirmations, and install globally only when you intentionally want the skill to affect future agent sessions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium (89% confidence)
Finding
The frontmatter description uses very broad trigger language such as generic requests for help, finding functionality, or extending capabilities. In a skill-routing system, this can cause the skill to activate for many ordinary conversations, increasing the chance the agent recommends or initiates package discovery and installation when the user did not explicitly ask for that.

Vague Triggers

Medium (92% confidence)
Finding
The usage criteria include ambiguous conditions like 'how do I do X', 'can you do X', and vague interest in extending capabilities, which overlap with normal assistant usage. This creates an unsafe decision boundary where the agent may invoke a package-discovery/install workflow for routine requests, potentially steering users toward executing external installation commands unnecessarily.

Missing User Warnings

Medium (95% confidence)
Finding
The skill instructs the agent to offer installation using 'npx skills add <owner/repo@skill> -g -y', where '-g' performs a global install and '-y' suppresses confirmation. Recommending or automating global installation of third-party code without an explicit warning, trust check, or confirmation materially increases the risk of silent supply-chain compromise or unintended system-wide changes.

VirusTotal

64/64 vendors flagged this skill as clean.
