Skill Composer

Security checks across malware telemetry and agentic risk

Overview

This workflow-composer skill appears purpose-aligned, but it gives workflows broad authority and includes unsafe condition evaluation that needs review before installation.

Install only if you trust the workflow files you will run and are comfortable with a composer that can invoke any installed skill. Review workflows before execution, avoid untrusted workflow manifests, and require explicit confirmation before steps that write files, call external services, publish content, or use credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

eval() call detected

High
Category
Dangerous Code Execution
Content
        condition = condition.replace(placeholder, str(var_value))
        # "Safe" evaluation: the expression still comes straight from the workflow YAML
        try:
            return eval(condition, {"__builtins__": {}})
        except:
            return True  # execute the step by default if the condition fails to evaluate
Confidence
99% confidence
Finding
return eval(condition, {"__builtins__": {}})

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The workflow manifest can provide arbitrary condition expressions, and the implementation evaluates them as Python code. That is far more powerful than needed for workflow gating and creates a code-execution surface controlled by untrusted YAML. Because this tool is specifically designed to process external workflow definitions, the context makes the issue more dangerous, not less.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation promotes one-command automation for multi-step workflows including video processing, data handling, file output, and publishing to external platforms, but it does not warn users that execution may trigger impactful real-world actions. In a workflow-composition skill, this omission is more dangerous because the tool amplifies the effect of a single command across multiple downstream skills.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The manifest declares "skills": ["*"], which grants this composer the ability to orchestrate every installed skill without restriction. In a workflow/orchestration skill, that broad scope materially increases blast radius: a malicious or unsafe workflow file could invoke sensitive skills unexpectedly, combine capabilities in dangerous ways, or bypass least-privilege expectations users may have for individual skills.

VirusTotal

48/48 vendors flagged this skill as clean.
