Security Audit Standard - Automated Edition (安全审核标准 - 自动化版)

Security checks across malware telemetry and agentic risk

Overview

This is a local skills-audit helper whose scanning and report-writing behavior matches its stated purpose, with some usability and overwrite caveats.

Install only if you want a local auditor to scan all files under /workspace/skills and write audit reports to /workspace. Run it in a workspace where report files can safely be created or overwritten, and treat its risk scores as advisory rather than authoritative.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding
The skill's documentation says files with risk scores below 40 should not receive installation guidance, but the declared output format always includes a recommendation field. Because the field is unconditional, users or downstream automation may present guidance for files the policy says should have none, weakening trust in the audit and leading to unsafe installation decisions.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding
The skill claims it performs a read-only scan, but its pseudocode explicitly writes a report file to the workspace. This is a security-relevant misrepresentation because users may authorize the skill under the assumption that it makes no filesystem changes, while it actually creates artifacts and could overwrite or expose sensitive audit data.
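The two Intent-Code Divergence findings above both come down to output logic that does not match the documented policy: a recommendation field that is emitted regardless of the score threshold, and a "read-only" scan that writes a report. The following is an added example, not the skill's own code, of a report writer that honours both rules. It assumes each per-file audit result is a dict with a numeric `risk_score` and a `recommendation` string, that the threshold is the documented 40, and that reports are created with a no-clobber open so an existing report in the workspace is never silently overwritten; the sample findings are constructed.

```python
"""Added example: score-gated recommendations plus an explicit read-only switch
and no-clobber report writing. Not code from the audited skill."""
from __future__ import annotations

import json
import os
import tempfile
from pathlib import Path

RISK_THRESHOLD = 40  # documented policy: below this score, no installation guidance

# Constructed sample scan results (not real output of the skill).
SAMPLE_FINDINGS = [
    {"path": "/workspace/skills/a/SKILL.md", "risk_score": 72, "recommendation": "do not install"},
    {"path": "/workspace/skills/b/SKILL.md", "risk_score": 15, "recommendation": "install"},
]


def finalise_finding(finding: dict) -> dict:
    """Return a copy of the finding that carries a recommendation only when the
    documented policy allows one (risk_score >= RISK_THRESHOLD)."""
    out = {k: v for k, v in finding.items() if k != "recommendation"}
    if finding["risk_score"] >= RISK_THRESHOLD:
        out["recommendation"] = finding.get("recommendation", "review before installing")
    return out


def build_report(findings: list[dict], read_only: bool) -> dict:
    """Assemble the report structure; records whether the run was read-only."""
    return {"read_only": read_only, "files": [finalise_finding(f) for f in findings]}


def write_report(report: dict, path: Path, read_only: bool) -> str:
    """Persist the report unless the run is read-only. Uses O_CREAT|O_EXCL so an
    existing file is never overwritten. Returns one of
    'skipped-read-only', 'written', 'exists'."""
    if read_only:
        return "skipped-read-only"
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        return "exists"  # refuse to clobber; caller must choose a new name
    with os.fdopen(fd, "w") as fh:
        json.dump(report, fh, indent=2)
    return "written"


def demo() -> list[str]:
    """Run the flow end to end in a scratch directory; returns the write statuses."""
    scratch = Path(tempfile.mkdtemp(prefix="skill-audit-"))
    path = scratch / "skills-audit-report.json"
    report = build_report(SAMPLE_FINDINGS, read_only=False)
    return [
        write_report(report, path, read_only=True),   # read-only run: nothing written
        write_report(report, path, read_only=False),  # first real run: file created
        write_report(report, path, read_only=False),  # second run: refuses to overwrite
    ]


if __name__ == "__main__":
    print(demo())
```

The point of the `read_only` flag is that the documented claim and the code path are tied together: a run advertised as read-only cannot reach `os.open`. The `O_EXCL` open is what turns the page's "overwrite caveat" into an explicit failure the caller has to handle rather than a silent side effect.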

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The documented trigger phrases are broad, generic security-audit commands with no visible scoping, confirmation, or target constraints. In an agent environment, such broad activation language can cause unintended invocation of a skill that recursively scans directories and generates files, leading to surprise filesystem access and unintended actions.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The README states that the skill traverses all files under /workspace/skills/ and writes audit reports, but it does not clearly warn about the breadth of filesystem access or the creation of output artifacts. This can mislead users about side effects, especially in shared or sensitive workspaces, and may result in unintended disclosure of file contents or in report files overwriting existing files in the workspace.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The trigger phrases are broad and generic, which increases the chance of unintended activation during normal conversation. In this context, accidental invocation is more dangerous because the skill scans an entire workspace subtree and writes a report file, causing unexpected file access and side effects without clear user intent.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill description and output expectations do not clearly warn users that execution writes an audit report into the workspace. Missing disclosure of write behavior undermines informed consent and can lead to unintended persistence of potentially sensitive audit results in shared or monitored directories.

VirusTotal

66/66 vendors flagged this skill as clean.