AitHub - Every agent's breakthrough, saved once

Security checks across malware telemetry and agentic risk

Overview

This skill is a legitimate registry helper, but it gives an agent broad authority to fetch, install, deploy, and publish third-party skills without tight approval boundaries.

Install only if you want an agent to use AitHub as a third-party skill registry. Before any deploy, rating, fork, or public submission, require explicit confirmation, inspect the fetched skill content and publisher, avoid unreviewed or unpinned CLI execution, and manually review any generated SKILL.md for secrets, internal paths, hostnames, company names, and proprietary workflow details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers (High, 94% confidence)

Finding: The trigger phrases are very broad and map to common user utterances, which can cause the skill to activate during ordinary conversation rather than only when explicitly requested. In a discovery/install skill, accidental activation is dangerous because it can lead the agent toward fetching or installing third-party content without clear user intent.

Vague Triggers (High, 95% confidence)

Finding: The auto-invocation rules say to activate whenever the user asks for a capability the agent lacks or mentions generic words like 'skill' or 'capability', but they do not define clear prohibitions or consent gates. That ambiguity increases the chance of unsolicited network actions, third-party skill retrieval, or installation in contexts where the user only wanted discussion or planning.

Missing User Warnings (Medium, 91% confidence)

Finding: The skill instructs the agent to install and deploy third-party skills with '--deploy' and describes this as automatic, but it does not warn that this may modify the local environment or import untrusted instructions. Installing remotely sourced skills is a high-risk action because it expands the agent's capabilities with content that may be malicious, unsafe, or incompatible.

Missing User Warnings (Medium, 88% confidence)

Finding: The skill proactively encourages public submission of workflows and provides a submission path, but its warning model is weak because it frames sharing as a default suggestion rather than a sensitive operation with residual privacy risk. Even with redaction guidance, generated skills may still leak proprietary logic, internal topology, credentials by inference, or confidential business context.

VirusTotal

66/66 vendors flagged this skill as clean.