WPS Web Builder

Security checks across malware telemetry and agentic risk

Overview

This is a coherent web-building skill, but it gives the agent broad authority to write project state, install dependencies, run builds, and expose a dev server without clear opt-in.

Install only if you are comfortable with a web-building assistant that can create many files, keep a local plan file, install packages, run builds, and start a preview server. Use it in a non-sensitive project directory, review generated package files before installs, and prefer localhost-only serving unless you intentionally want LAN access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger description is broad enough to activate on many ordinary web-related requests, which can cause the skill to take over conversations unexpectedly and steer the agent into file creation, dependency setup, and execution workflows without sufficiently explicit user intent. In this skill, overbroad activation is more dangerous because later phases instruct writing files and running local commands.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill requires checking for and creating `.web-builder/plan.md`, then repeatedly updating it, but does not require notifying the user that workspace files will be created or modified. Silent persistence can surprise users, overwrite prior work artifacts, and create unwanted state that affects later runs.

Missing User Warnings

Medium
Confidence: 95%
Finding
These instructions direct the agent to install dependencies, build the project, and start local services without an explicit safety notice or confirmation that subprocesses will be executed and the local environment changed. In the context of a code-generation skill, this materially increases risk because package installation and server startup execute untrusted third-party code and can consume network, disk, and CPU resources.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal