Security audit

Project Truth Audit

Security checks across malware telemetry and agentic risk

Overview

This appears to be a repo-audit skill whose broad file-reading behavior matches its stated purpose, but users should invoke it only when they really want a whole-repository review.

Install this only if you want an agent to perform broad repository audits. Before using it on a private or sensitive repo, make sure secrets, credentials, and unrelated private files are not in scope, and invoke it explicitly when you want a whole-repo review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding:
The skill instructs the agent to read broadly across a repository (`AGENTS.md`, configs, docs, tests, scripts, artifacts) but does not declare any explicit permissions. That creates a capability/permission mismatch: the skill's effective behavior depends on unrestricted file reads, which can violate least-privilege expectations and lead to unintended access to sensitive files during a whole-repo audit.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding:
The trigger description contains many broad natural-language phrases like 'reality check', 'what is wrong with the actual system shape', and several audit variants. Overly broad invocation criteria can cause the skill to run unexpectedly, leading to unnecessary whole-repo inspection and expanded data exposure in contexts where the user did not intend a deep audit.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding:
The default prompt uses broad trigger language like 'project truth audit' and 'whole-repo reality check' for a skill that inspects the repository root, which can overlap with ordinary user requests for review or planning. Because implicit invocation is enabled, the agent may activate this skill unexpectedly and perform wide-scope repo inspection when the user did not clearly intend that behavior, increasing the chance of over-collection, confusing control flow, or unintended disclosure of repository contents.

VirusTotal

63/63 vendors flagged this skill as clean.