Requirement Agent

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is a disclosed workflow helper for clarifying routine code changes, with some broad auto-execution defaults users should review.

Install this if you want a skill that asks clarifying questions and can move quickly on routine code edits. If you prefer approving every code change, tighten or disable the auto_execute settings, especially single_file, rename, and code-organization entries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger conditions are broad enough to match many ordinary coding requests such as 'optimize', 'refactor', 'improve', or 'rename', which can cause this skill to activate in situations where a more specific or user-chosen workflow would be preferable. That creates a prompt-routing/control risk: the agent may unnecessarily enter a clarification/confirmation flow, alter expected behavior, or preempt other skills, reducing predictability and potentially enabling unsafe execution decisions if the routing logic is relied on for safeguards.

Vague Triggers

Medium
Confidence: 91%
Finding
The auto-execute rules are broad enough to allow the agent to proceed on loosely specified editing requests such as commenting, formatting, renaming, or 'directly change it' without first validating scope or side effects. In a code-modification skill, these categories can still alter behavior, break references, or touch sensitive files if the request is underspecified, so the configuration increases the chance of unsafe autonomous edits.

VirusTotal

66/66 vendors flagged this skill as clean.
