ClawHub

Skill Factory

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly purpose-aligned, but its publish workflow can upload content to ClawHub and has unsafe command construction that users should review before running.

Install only if you are comfortable auditing generated skills before publication. Avoid running the publish command on untrusted skill directories or SKILL.md files until the execSync string commands are replaced with argument-array execution, and confirm the ClawHub account, package contents, and absence of secrets before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs users to publish to ClawHub but does not warn that this sends data to an external service and may create an irreversible or publicly visible artifact. In an agent context, omission of an explicit confirmation step can lead to accidental exfiltration of proprietary code, credentials embedded in files, or unintended publication of internal work.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The publish path performs packaging and then invokes an external network publication command (`npx clawhub@latest publish`) without a clear interactive confirmation or prominent warning about side effects. In a skill-factory context, users may treat this as a local scaffolding tool and unintentionally publish sensitive or unreviewed content to a remote registry.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal