Singleshot Prompt Testing

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only prompt-testing skill whose provider calls, API keys, and report files fit its stated purpose, but users should handle prompts and outputs as potentially sensitive.

Install only if you intend to use the singleshot CLI. Verify the upstream Homebrew tap, Cargo crate, or source repository; use scoped provider API keys with spending controls; avoid testing secrets, customer data, confidential prompts, or sensitive images with third-party providers; and protect or delete generated reports when they contain raw prompts or model outputs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Missing User Warnings

Medium
Confidence: 91%
Finding
The README instructs users to configure API keys and send prompts to remote providers, but it does not clearly warn that prompts, system instructions, and possibly sensitive data will be transmitted to third-party services. In a prompt-testing skill, users are especially likely to paste real prompts, internal workflows, or proprietary data, so the omission creates a meaningful risk of unintended data disclosure.

Missing User Warnings

Medium
Confidence: 94%
Finding
The Vision and MCP examples encourage sending a local image file and connecting to an MCP endpoint without warning that file contents and tool traffic may be transmitted outside the local environment. This is dangerous because users may assume these are harmless test commands and inadvertently expose sensitive images, documents, or internal service data to remote providers or untrusted endpoints.

Vague Triggers

Medium
Confidence: 84%
Finding
The release notes advertise openclaw skill triggers such as 'prompt testing, optimization, benchmarking' without defining scope, required confirmation, or safety boundaries. In an agent environment, vague trigger phrases can cause over-broad invocation or unintended execution paths, increasing the chance that sensitive prompts, provider choices, or report destinations are acted on without sufficient user intent validation.

Missing User Warnings

Medium
Confidence: 93%
Finding
The notes state that reports include 'Full response content' and earlier describe saving reports in markdown, but provide no warning that prompts and model outputs may contain secrets, proprietary data, or regulated information. This can lead users to persist sensitive content to disk or share reports broadly, creating avoidable data exposure through local files, version control, or collaboration channels.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill repeatedly instructs users to send prompts, images, and config files to third-party providers such as OpenAI, Anthropic, OpenRouter, and Ollama, but never warns that this content may leave the local environment and be transmitted to external services. In a prompt-testing workflow, users may reasonably include proprietary prompts, internal documents, screenshots, or API-linked configuration data, so the omission creates a real risk of unintended data disclosure.

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger phrase "test prompt" is broad and can match ordinary user requests that are not intended to invoke this skill. In an agent environment, ambiguous activation increases the risk of unintended skill execution, which could route user data into benchmarking or external model-comparison workflows without clear user intent.

Vague Triggers

Medium
Confidence: 91%
Finding
The phrase "optimize prompt" is highly generic and overlaps with many normal assistant requests. This makes accidental activation plausible, especially because the skill appears to perform prompt benchmarking and may involve provider APIs, increasing the chance of unintended external processing or unexpected actions.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger "compare models" is overly broad because it matches a common conversational request unrelated to this specific skill. Given the skill's benchmarking and cost-analysis purpose, unintended activation could cause unnecessary tool use, confusion, or transmission of prompts to configured model providers.

VirusTotal

64/64 vendors flagged this skill as clean.