Back to skill

Security audit

Skill Publisher

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended to publish skills to ClawHub, but its activation and visibility warnings are too loose for an action that can make local content public.

Install only if you want an agent to help publish local skills to ClawHub. Before using it, verify the exact directory, slug, version, and account, inspect the files for secrets or proprietary content, and require an explicit confirmation before any publish command is run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger phrase “发布到市场” is broad and can overlap with ordinary user intent, increasing the chance that the skill is invoked when the user did not explicitly mean to publish a local skill to a real public marketplace. Because this skill performs an external side-effecting action with public visibility, ambiguous activation materially raises the risk of unintended publication.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill describes upload/publish behavior but does not prominently warn that it may execute a real publication to the ClawHub marketplace and affect public visibility. Users may therefore authorize or trigger the skill without understanding that it can publish local content externally, risking accidental disclosure of proprietary, sensitive, or unfinished skills.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.