Skill Extraction

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only pattern extraction workflow that writes generated docs and skills, with no evidence of hidden data theft or destructive behavior.

Install and run this only on repositories you are comfortable having analyzed. Expect it to create or update files under docs/extracted/ and ai/skills/; review the diffs before committing, check generated skills for secrets or confidential project details, and run the optional staging copy commands only after confirming the destination path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding: The skill explicitly instructs copying generated artifacts into an external repository path, which extends its effects beyond the analyzed project and can cause unintended data movement or repository contamination. In an agent context, this is dangerous because extracted content may include sensitive architecture, design, or workflow details that a user did not intend to stage elsewhere.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: The command documentation explicitly says it outputs generated content into `ai/skills/` and `docs/extracted/`, but it does not warn users that running the command will modify the repository working tree. In a skill that scans arbitrary codebases and generates reusable artifacts, silent write behavior can lead to unintended file creation, accidental commits of generated content, and trust-boundary issues when users expect analysis rather than mutation.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding: The trigger phrase "analyze this codebase" is broad enough to activate this skill for general repository analysis requests outside pattern extraction. That can cause the agent to apply file-writing and extraction behaviors in contexts where the user only wanted read-only analysis, increasing the chance of unintended modifications.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The skill directs creation of directories and output files, and elsewhere also supports copying to staging locations, without prominently warning the user that it will modify the repository and potentially write outside it. In agent workflows, silent write behavior is risky because it can alter tracked files, create clutter, or propagate extracted internal information without informed consent.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding: The template's `Triggers on [KEYWORDS]` placeholder encourages broad, unspecified activation phrases without requiring constraints, exclusions, or disambiguation guidance. In a skill-generation context, this can cause skills to auto-match on generic prompts and activate in unintended contexts, leading to overreach, prompt collisions, or accidental invocation of sensitive workflows.

VirusTotal

66/66 vendors flagged this skill as clean.