Claw Find Skills

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it can steer broad everyday requests into third-party skill discovery and non-interactive global installation.

Review before installing. Use it only if you want an agent to search skill marketplaces. Do not allow automatic installs, inspect each suggested skill and its publisher, and prefer install commands without `-g` or `-y` unless you intentionally want a global install that skips prompts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

High
Confidence: 92%
Finding
The skill’s activation guidance is broad enough to match very common requests like 'how do I do X' or 'can you do X', which can cause the agent to invoke this skill in many routine conversations. Because this skill leads users toward discovering and potentially installing third-party packages, over-triggering increases the chance of unnecessary exposure to unvetted external code and supply-chain risk.

Vague Triggers

High
Confidence: 94%
Finding
The invocation table includes ambiguous scenarios such as asking for help, asking about capabilities, or expressing general interest in extending functionality, without clear boundaries. In practice, this can make the skill activate for benign conversational queries and steer users toward marketplace results and install paths they did not explicitly request, increasing social-engineering and supply-chain exposure.

Missing User Warnings

Medium
Confidence: 96%
Finding
The README recommends `npx skills add <owner/repo@skill> -g -y`, which performs global, non-interactive installation of third-party skills with no safety warning, trust guidance, or review step. That is dangerous because it normalizes silent installation of externally sourced code or agent extensions, reducing user awareness and increasing the likelihood of malicious or unsafe skills being installed.

Vague Triggers

Medium
Confidence: 88%
Finding
The description uses broad discovery-oriented phrasing like 'how do I do X' and 'can you do X', which can cause this skill to activate for many generic requests rather than only explicit skill-search intents. That increases the chance the agent steers users toward installing external packages when they only wanted normal assistance, expanding attack surface and creating unnecessary package-management actions.

Vague Triggers

Medium
Confidence: 92%
Finding
The invocation guidance is ambiguous and lacks constraints, telling the agent to use the skill whenever a request 'might' map to an existing skill or when the user merely expresses interest in extending capabilities. In context, this can over-trigger package discovery and normalize recommending third-party skills without clear necessity, which is risky because this skill directly leads to installation flows.

Missing User Warnings

High
Confidence: 98%
Finding
The skill explicitly recommends `npx skills add <owner/repo@skill> -g -y`, which performs a global install and suppresses confirmation prompts. This is dangerous because it encourages unattended installation of external code or configuration from remote sources with system-wide effect, reducing user visibility and making accidental or malicious package installation more likely.

VirusTotal

65/65 vendors flagged this skill as clean.
