Council Of Llms

Security checks across malware telemetry and agentic risk

Overview

This skill’s main purpose is understandable, but it can launch multiple long-running subagents and write a workspace file while its safety text under-discloses those side effects.

Install only if you want ordinary review or analysis requests to potentially run a three-subagent council. Before use, confirm the task explicitly, choose the output filename yourself, and watch for existing `council-review-*` files that could be overwritten or clutter a sensitive workspace.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding
The skill's Security & Safety section says there are 'no file reads/writes,' but earlier instructions explicitly say to write a synthesis to `council-review-[topic].md`. This is a documentation-to-behavior mismatch that can mislead users and downstream agents about side effects, reducing informed consent and potentially causing unexpected workspace modification.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The trigger list includes broad terms such as 'review,' 'analysis,' and 'decision,' which are common in normal conversation and can cause accidental invocation. Unintended activation is risky here because the skill spawns three subagents and may later write an output file, consuming resources and performing actions the user did not specifically request.

Missing User Warnings

Severity: Low
Confidence: 94%
Finding
The skill instructs writing a synthesis file to the workspace without a user-facing warning that the workspace will be modified. Even though the write is limited to markdown output, silent modification can surprise users, overwrite existing files, or create artifacts in sensitive repositories or automated workflows.

VirusTotal

60/60 vendors flagged this skill as clean.