Dvp Composer

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a legitimate DVP document-generation workflow, but it should be reviewed because it directs agents to overwrite workspace files without asking first.

Install only if you are comfortable with the skill creating and replacing files under dvp_workspace during normal use. Run it in a fresh project or backup existing DVP outputs first, and prefer a version that asks before overwriting files. VirusTotal was pending and is not a basis for this verdict; the Review decision is based on the artifact’s explicit overwrite behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill explicitly instructs the agent to read local files via the Read tool and phase reference files, but no permissions are declared. This creates a capability/permission mismatch that can lead to unintended file access if the platform relies on declared permissions for policy enforcement or user awareness.

Missing User Warnings

Low
Confidence
92% confidence
Finding
The skill explicitly instructs the agent to write multiple files into `dvp_workspace/` without any user-facing notice, confirmation, or constraint checks around workspace modification. While the behavior appears functional rather than malicious, silent file creation/modification can surprise users, overwrite prior work, or be abused if later combined with path manipulation or unsafe file-handling logic elsewhere in the skill.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to write multiple files into `dvp_workspace/` as part of normal execution, but it does not require any explicit user-facing disclosure or consent immediately before those modifications occur. In an agent setting, silent file creation or overwriting can violate user expectations, cause unintended state changes, and make it easier for a prompt or workflow to mutate project artifacts without clear authorization.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Step 6 explicitly requires writing all deliverable files before presenting the summary, which means the agent is directed to modify workspace state prior to any final user review or warning. This increases the risk of premature or unwanted file changes, including overwriting prior work or appending inaccurate assumptions, before the user has a chance to validate the proposed strategy.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The skill hard-codes the query language choice to Chinese, English, or bilingual, which can improperly constrain user preference and exclude other languages without explicit consent. In a clinical-trial DVP drafting workflow this is mainly a policy and usability issue, but it can still cause incorrect outputs, reduce accessibility, or lead users to accept a language they did not request.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
2. At each phase's [Done] step, write all deliverable files to `dvp_workspace/`
3. At the start of each phase (except Phase 1), read the previous phase's deliverable files first
4. File names are hard-coded in each phase instruction — do not rename them
5. Overwrite existing files without asking for confirmation
6. All files use Markdown format. The only exceptions are: `dvp_content.json` (JSON), `DVP_<ProtocolNumber>_v1.0.xlsx` (Excel), and any user-provided template files.

### Cross-Phase File: assumptions-and-gaps.md
Confidence
89% confidence
Finding
without asking

Self-Modification

High
Category
Rogue Agent
Content
2. At each phase's [Done] step, write all deliverable files to `dvp_workspace/`
3. At the start of each phase (except Phase 1), read the previous phase's deliverable files first
4. File names are hard-coded in each phase instruction — do not rename them
5. Overwrite existing files without asking for confirmation
6. All files use Markdown format. The only exceptions are: `dvp_content.json` (JSON), `DVP_<ProtocolNumber>_v1.0.xlsx` (Excel), and any user-provided template files.

### Cross-Phase File: assumptions-and-gaps.md
Confidence
90% confidence
Finding
Overwrite existing file

VirusTotal

65/65 vendors flagged this skill as clean.
