Skill Orchestra

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed skill-routing helper; its main risks are imprecise routing and optional routing history retention, not hidden or destructive behavior.

Reasonable to install if you want a helper that routes tasks among skills. Keep normal approvals enabled for any downstream skills it recommends, especially skills that can automate the desktop, post publicly, modify data, or store memory, and avoid persisting raw prompts in routing history unless you have retention and redaction controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Severity: Medium
Confidence: 97%

Finding: The loader claims to load the original implementation, but it actually instantiates the first class discovered in the module. This is dangerous because a modified or unexpected module can cause the wrapper to select an unintended class, triggering arbitrary constructor side effects or routing execution to the wrong implementation without validation. In a skill-loading context, this increases the attack surface because import-time and instantiation-time behavior from skill_orchestra.py is trusted implicitly.

Vague Triggers

Severity: Medium
Confidence: 93%

Finding: The regex trigger patterns are very broad and match common terms like 'analyze', 'write', 'find', or 'create content', which can cause the router to infer skills from ordinary conversation with little specificity. In a routing system, that can misclassify requests, over-trigger capabilities, and send sensitive or high-impact tasks to inappropriate downstream agents, especially when integrated with automation-capable skills.

Missing User Warnings

Severity: Medium
Confidence: 96%

Finding: The pattern learner persists routing history to 'memory/routing-patterns.json', which may store context-derived data without notice, minimization, or access controls. If contexts contain proprietary, personal, or security-sensitive prompts, this creates a data retention and disclosure risk that can expose past user activity or leak sensitive information across sessions.

VirusTotal

66/66 vendors flagged this skill as clean.