Security audit

Edit Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed workflow for reviewing or editing existing agent skills, with no evidence of hidden data access, persistence, exfiltration, or destructive behavior.

Install this only if you want an agent to help maintain skill files. Because it can patch skill instructions when explicitly used in edit-in-repo mode, review diffs carefully before accepting changes, especially changes touching safety boundaries, triggers, tools, or output contracts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence: 91%
Finding:
The default prompt and implicit invocation policy create a broad activation surface for ordinary editing requests, which can cause this skill to trigger in contexts the user did not intend. Because the skill is authorized to edit existing agent skills, accidental invocation could lead to unintended modification of prompts, policies, or safety boundaries in other skills.

Self-Modification

High
Category: Rogue Agent
Content:
description: Use when asked to review, edit, tighten, shorten, deduplicate, clean up, or remove slop from an existing agent skill while preserving behavior. Use for skill files that need clearer triggering, shorter instructions, stale reference cleanup, host-compatible frontmatter, or fixes for vague, repetitive, outdated, unsupported, or hard-to-apply rules.
---

# Edit Skill

Use this for existing skill files. The job is to improve agent behavior, not to
make the prose sound nicer.
Confidence: 89%
Finding:
Edit Skill

VirusTotal

63/63 vendors flagged this skill as clean.
