ClawHub

Style Guide Generator

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is coherent for generating design style guides from user-provided websites, screenshots, and documents, with no included executable code, credentials, persistence, or hidden behavior found.

Use this skill for public or authorized websites and materials you are comfortable having analyzed for design attributes. Avoid providing confidential brand documents, internal URLs, or sensitive screenshots unless that processing is appropriate for your workspace, and review the generated PDF before sharing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill description is broad enough to trigger on common requests about style guides, brand guidelines, or design specifications without clearly constraining when it should be used. Over-broad routing can cause the agent to invoke this skill in situations involving sensitive business materials or unrelated content, increasing the chance of unnecessary data processing and unintended external access.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The workflow explicitly instructs fetching live websites and analyzing uploaded files and screenshots, but it does not require a user-facing notice or confirmation about external access and data handling. This creates a privacy and consent risk because proprietary URLs, internal documents, or sensitive visual assets could be processed or accessed without clear disclosure to the user.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal