KAIFA辅助SKILL01

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a disclosed structured development workflow, but its optional Git workflow can automatically create branches, use worktrees, merge to main, or create PRs without a clear per-action approval step.

Install only if you want an opinionated development workflow that may write plan/review files and coordinate sub-agents. Before using it in a real repository, require explicit confirmation for any Git branch, worktree, merge, or PR action, and avoid quick mode for authentication, payments, secrets, external I/O, or other sensitive code.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium, 84% confidence
Finding
The skill includes repository-mutating Git actions such as branch creation, worktree usage, merging, and PR-related workflow outside its core stated purpose, increasing its operational scope. This is dangerous because it can cause unintended source-control changes in the user's workspace or repository, especially if activated without a clear, explicit approval step for each Git operation.

Vague Triggers

Medium, 88% confidence
Finding
The natural-language triggers are broad enough to match ordinary development discussion, causing the skill to enter a high-automation workflow unexpectedly. In this skill's context, that matters because activation can lead to file writes, subagent spawning, and review/implementation flow without a narrowly scoped user intent.

Missing User Warnings

Medium, 90% confidence
Finding
The skill directs the agent to write Plan and Review artifacts into the user's workspace under plans/ but does not clearly warn users up front that local files will be created. Hidden workspace writes are risky because they can surprise users, pollute repositories, or create unintended commits and data exposure through generated artifacts.

Missing User Warnings

Medium, 92% confidence
Finding
Automatic branch creation, merging, and related Git actions modify repository state and may have downstream effects on collaboration, CI, and deployment. Without clear warning and explicit consent, these actions can surprise users and create integrity and workflow risks disproportionate to a planning skill.

Vague Triggers

Medium, 91% confidence
Finding
The quick variant can be triggered by vague phrases such as '简单' ("simple") or '不用太正式' ("no need to be too formal"), which are common conversational terms and may unintentionally route a task into a reduced-review path. Because quick mode explicitly skips security checks in Review, accidental activation can lower assurance for code that still has meaningful risk.

Vague Triggers

Medium, 83% confidence
Finding
The strict variant uses broad terms like '核心功能' ("core functionality") or '关键模块' ("key module") that are open to interpretation, so the workflow may over-select strict mode. This is primarily a workflow integrity and usability issue rather than a direct security flaw, but ambiguous routing can make behavior unpredictable and weaken operator trust in the skill.

Vague Triggers

Medium, 89% confidence
Finding
The review-only trigger includes a casual phrase like '帮我看下这个代码' ("help me take a look at this code"), which can match ordinary requests that are not meant to bypass the planning and implementation steps. In this skill, review-only skips Assess and Plan entirely, so unintended activation can remove safeguards and lead to incomplete or context-free analysis of code changes.

VirusTotal

64/64 vendors flagged this skill as clean.