Meta-Skill Orchestration Surface

Security checks across malware telemetry and agentic risk

Overview

This is a coherent orchestration skill, but it can route into powerful account, deployment, file, and public-posting workflows without sufficiently clear boundaries.

Install only if you want a broad orchestration layer. Before using it, require explicit approval before connected-account access, CHECKPOINT or full-state sharing, execution logging, file writes, connector or plugin creation, cloud provisioning, deployments, package publishing, or public social posting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

Vague Triggers

Severity: High
Confidence: 97%
Finding
The trigger phrases are extremely broad and include common user language such as "what can you do", "show me everything", and "activate", which can cause the skill to activate in many normal conversations unrelated to explicit orchestration. Because this is a meta-skill with visibility into tools, connectors, marketplaces, and other skills, accidental invocation could expose internal capability inventory or route execution toward higher-risk actions without sufficiently clear user intent.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The routing logic operates on general intent categories like domain match, capability match, and discovery without clear boundaries, exclusions, or user confirmation requirements. In a meta-orchestration skill, this ambiguity increases the chance of overreach: the skill may infer permission to search registries, compose new chains, or suggest capability extension when the user only asked a general question.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding
The trigger lists include common, ambiguous phrases such as broad discovery and orchestration terms that can match routine user requests. In a meta-skill that inventories tools and routes to many powerful integrations, overly broad activation increases the chance of unintended invocation, capability disclosure, or accidental chaining into higher-risk tools.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
Generic trigger terms like "profile," "explore," "quality," "synthesize," and "tasks" are too underspecified to safely govern routing. Because this file defines a large activation surface across many domains, vague criteria can cause the wrong skill to activate on normal conversation, leading to unintended data access paths or workflow execution.

Vague Triggers

Severity: Medium
Confidence: 94%
Finding
Triggers such as "meeting prep," "research company," "shortcut," and "create plugin" are everyday expressions that can be encountered in benign chat but map to capabilities that may access external systems or create automation artifacts. In this orchestration layer, broad business-language triggers heighten the risk of accidental activation and misuse of connected tooling, especially plugin and automation functions.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The trigger phrase set for the Daily Operations Pipeline includes broad natural-language prompts such as "start my day" and "daily update," which can easily match benign conversational requests and cause the system to activate a workflow that loads memory, reads calendar data, performs searches, and updates task files. In an orchestration skill whose purpose is activation and chaining, over-broad triggers materially increase the chance of unintended execution of multi-step actions touching sensitive personal and workspace data.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The Edge Deployment Pipeline is activated by vague phrases like "set up infrastructure," which could be interpreted in many harmless contexts but here maps to resource creation across Cloudflare, code generation, deployment, and validation. Because these actions provision billable infrastructure and expose services, ambiguous activation language can lead to unintended creation of external resources and accidental publication of code or data.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
This pipeline describes creating databases, KV namespaces, buckets, writing worker code, and deploying a frontend without any warning that it may provision cloud resources, incur cost, expose endpoints, or persist user/application data. In a self-aware orchestration skill that proposes activation plans, omission of these warnings makes accidental high-impact execution more likely because users may not realize they are authorizing real infrastructure changes.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The Daily Operations Pipeline accesses memory/context, retrieves Google Calendar events, performs cross-source searches, and updates TASKS.md, yet it does not disclose that personal schedule data will be accessed or that local/project task files may be modified. This is dangerous because users may trigger it with casual phrasing and unknowingly authorize access to sensitive calendar metadata and file writes within their workspace.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The Content Monetization Pipeline includes generating content, scoring it, publishing to X/social via a browser-integrated tool, and recording a publication event, but does not warn that it may post publicly under the user's account. In an activation/orchestration context, this omission is especially risky because a user could intend drafting assistance but inadvertently trigger irreversible public publication and reputational harm.

VirusTotal

66/66 vendors flagged this skill as clean.