ClawHub

Skill Fix Workflow

Security checks across malware telemetry and agentic risk

Overview

This skill has a legitimate automation purpose, but it writes conversation-derived Python and local outputs with weak review and destination controls.

Install only if you are comfortable reviewing generated Python before running it. Use it on trusted conversations, avoid workflows containing secrets or private data, and check output paths, API URLs, generated .py files, and task logs before execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly supports writing outputs to files and sending data to APIs, but it provides no guidance about data sensitivity, destination trust, consent, or exfiltration risks. In a workflow-solidification skill that automatically converts prior actions into reusable automation, this increases the chance that user data, intermediate results, or secrets are persisted or transmitted to unsafe locations without adequate review.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The joiner writes generated Python code directly to disk without any confirmation, sandboxing, or trust boundary checks on the extracted execution chain or recognized parameters. Because the source material is an untrusted conversation, this can persist potentially unsafe or misleading code artifacts on the filesystem and normalize a code-generation-to-disk workflow without user review.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The generated program can be configured to send output to files, APIs, or web destinations, yet this skill provides no in-band warning, approval gate, or destination validation. In the context of building executable workflows from conversation content, silent support for external output increases the risk of unintended data exfiltration or side effects once the generated script is run.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill supports an API output mode and will pass a user-provided api_url into downstream workflow generation based on conversation-derived content, yet it does not present a clear user-facing warning that data may be transmitted off-platform. In this context, the conversation can contain sensitive operational details, extracted data, or file references, so enabling remote transmission without explicit disclosure and confirmation increases the risk of unintended data exfiltration or privacy violations.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal