Autooptimise

Security checks across malware telemetry and agentic risk

Overview

This skill is a legitimate optimizer, but it can run live tests against other installed skills and its scheduling and network disclosures are too broad for that level of access.

Install only if you want an agent to inspect, benchmark, and potentially edit other skills. Before each run, confirm the exact target skill, review the benchmark prompts and planned tools, avoid heartbeat scheduling for account-connected or mutating skills, and approve SKILL.md diffs only after checking they do not broaden authority or weaken safety rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Severity: Medium
Confidence: 93%
Finding
The README makes a strong safety claim that changes are never auto-applied without explicit approval, but the scheduling section describes heartbeat-based automatic invocation. That inconsistency can cause operators to enable unattended runs under the false assumption that human review will always gate modifications, increasing the chance of unreviewed changes or unsafe autonomous behavior.

Intent-Code Divergence

Severity: High
Confidence: 97%
Finding
The README claims there are no network calls beyond the model provider, yet elsewhere it explicitly describes live API/CLI calls to external services such as wttr.in and GitHub. This misleading trust signal may cause users to run the skill in restricted or sensitive environments while underestimating data egress, external side effects, or exposure of repository/context data.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The HEARTBEAT instruction is broad enough to trigger the skill automatically based on age alone, without requiring scope limits, confirmation, or environmental checks. In a system that can benchmark arbitrary installed skills and propose modifications, this creates a realistic risk of unintended recurring execution against sensitive or unsuitable skills.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The trigger phrase "improve my skill overnight" is broad and conversational enough to match common user requests that may not clearly indicate intent to run this optimization skill. In an autonomous skill that benchmarks and proposes changes to other skills, ambiguous activation increases the risk of unintended invocation, unnecessary access to other skill files, and confusing or disruptive behavior.

VirusTotal

51/51 vendors flagged this skill as clean.
