ClawHub

creator

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed helper for creating and packaging skills; its file writes and scripts fit that purpose, but users should review paths and generated skill contents carefully.

Install this only if you want an agent to help create or modify skills. Run it in a trusted workspace, avoid elevated privileges, choose output paths inside your project or user skill directory, and review generated SKILL.md files and scripts before installing, sharing, or relying on them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill instructs the agent to read, write, validate, and package files and to run local scripts, which are meaningful execution capabilities, but it declares no permissions or constraints. In a skill that can create and modify arbitrary skill contents, hidden capability assumptions increase the risk of unintended filesystem changes or command execution without clear operator awareness.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The description triggers on creating or updating a new skill in very broad terms, without narrowing to trusted inputs, safe environments, or excluded high-risk cases. Overly broad activation can cause this skill to engage in contexts involving untrusted repositories or prompts, increasing exposure to prompt-injection, unsafe editing, or unintended automation.

Self-Modification

High
Category
Rogue Agent
Content
1. Understand the skill with concrete examples
2. Plan reusable skill contents (scripts, references, assets)
3. Initialize the skill (run init_skill.py)
4. Edit the skill (implement resources and write SKILL.md)
5. Package the skill (run package_skill.py)
6. Iterate based on real usage
Confidence
92% confidence
Finding
write SKILL

Self-Modification

High
Category
Rogue Agent
Content
Any example files and directories not needed for the skill should be deleted. The initialization script creates example files in `scripts/`, `references/`, and `assets/` to demonstrate structure, but most skills won't need all of them.

#### Update SKILL.md

**Writing Guidelines:** Always use imperative/infinitive form.
Confidence
90% confidence
Finding
Update SKILL

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal