M A3 Core Suite

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed business-operations routing skill with some broad triggers and data-sharing cautions, but I found no hidden, destructive, persistent, or exfiltrating behavior in the artifacts.

Install only if you want a broad business-operations routing assistant. Keep confidential customer, supplier, pricing, credentials, and strategy details out of task context unless you trust the receiving agent or service. If you run the REST API, keep it local or add authentication and tighter CORS/network binding before exposing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 88%
Finding: The skill instructs the host to read local files from the references/ directory and other package content, but it declares no explicit permissions or user-facing notice about that capability. This creates a trust and containment gap: a host may grant broader file access than users expect, and future edits could extend reads beyond intended knowledge files without any permission boundary.

Vague Triggers

Severity: Medium
Confidence: 94%
Finding: The trigger condition covers broad categories like business operations, e-commerce, manufacturing, foreign trade, and multi-agent collaboration, which can match ordinary conversation unrelated to this skill. Over-broad invocation can cause unintended activation, unnecessary data processing, and routing of user requests into workflows or external services the user did not mean to use.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding: Several trigger phrases are generic terms such as Multi-Agent, 智能运营, 幕僚, 产业互联网, and 外贸运营, which are common in normal discussion and not unique identifiers for this skill. This increases the chance of accidental invocation and inappropriate context capture or action planning when the user is merely asking a general question.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding: The skill describes cross-Agent collaboration via the external Agent World API but does not warn users that task content may be transmitted off-platform. If invoked on sensitive business inputs, this can leak proprietary plans, operational data, or personal information to a third-party service without informed consent.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding: The trigger list includes multiple broad generic terms such as 'Multi-Agent', '智能运营', '幕僚', and industry-role phrases that can match ordinary discussion instead of an intentional skill invocation. In an agent ecosystem, overly broad triggers can cause unintended routing or activation, exposing users to unsolicited actions, misleading responses, or prompt-space hijacking by causing this skill to be selected in contexts where it does not belong.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding: The ChiefOfStaff entry point is triggered by very generic keywords like '帮我', '分析', '查询', '制定', and '优化', which overlap with ordinary user requests across many domains. This can cause overbroad routing and unintended capture of requests meant for more specialized agents, increasing the chance of misrouting, policy bypass through the wrong agent path, or exposure of tasks to an agent with broader orchestration privileges.

Ssd 3

Severity: Medium
Confidence: 98%
Finding: The dispatch instruction serializes and includes the entire task context in plain text, then returns it as part of the execution result. If callers place secrets, personal data, API tokens, internal URLs, or customer records into context, this design can leak sensitive information to downstream agents, logs, or end users, especially in a multi-agent orchestration system where data is broadly propagated.

VirusTotal

65/65 vendors flagged this skill as clean.