jest-unittest

Security checks across malware telemetry and agentic risk

Overview

This Jest testing skill fits its stated purpose, but it needs review because unvalidated component names can drive shell commands and cleanup paths.

Install only in trusted Jest projects, avoid untrusted component names or generated config, and review all test edits before committing. The publisher should validate component names, constrain cleanup paths to the intended coverage directory, and replace shell-string execSync calls with argument-array execution before this is treated as low-risk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence: 84%
Finding
The README states that on first use the AI will automatically guide configuration and may create `source.json` and regenerate `config.json`, including overwrite behavior, without an explicit warning or confirmation step before modifying files. In a skill that operates inside a user's project, silent file creation or replacement can cause unintended workspace changes, confusion, or accidental loss of manual edits, especially because users are told they usually do not need manual operation.

Vague Triggers

Medium
Confidence: 86%
Finding
The trigger description includes many broad, everyday phrases such as references to unit tests, failures, coverage, and component testing, which can cause the skill to activate in situations where the user did not intend to invoke this workflow. In an automated agent setting, overbroad activation can lead to unnecessary file changes, test execution, or configuration actions in the wrong project context.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger phrases include broad, common requests such as '写单测', '补充测试', and '运行单测', which can overlap with ordinary conversation and cause the skill to activate unintentionally. Because this skill has powerful tools including Bash, Edit, Write, and Task* operations, an accidental trigger could lead to unsolicited code modification and command execution in the repository.

Missing User Warnings

Medium
Confidence: 97%
Finding
The script interpolates the untrusted `componentName` directly into `config.testOneCommand` and passes the resulting string to `execSync`, which invokes a shell. If an attacker can control the component name or influence the command template, they may inject shell metacharacters and execute arbitrary commands in the project root. In this skill context, the script is explicitly designed to run tests automatically based on user-provided component names, which makes the sink more reachable and therefore more dangerous.

Missing User Warnings

Medium
Confidence: 97%
Finding
The script takes `--name` from argv, interpolates it into `config.testOneCommand`, and executes the result via `execSync(..., { shell: true })`. If an attacker can influence the component name or upstream invocation, shell metacharacters can trigger arbitrary command execution in the project context, which is especially risky because this skill is designed to run developer test commands automatically.

VirusTotal

65/65 vendors flagged this skill as clean.
