advanced-skill-creator

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed skill-creation helper, but users should treat its research claims and generated skill code as drafts that need review.

Install only if you want a helper for drafting OpenClaw skills. Before using its output, verify any claimed research manually, review generated SKILL.md triggers and scripts, and avoid providing secrets or private repository content unless you are comfortable with external research being used.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Medium
Confidence: 98%
Finding
The function claims to consult official documentation and extract current guidance, but it only returns hardcoded data and never performs any real retrieval or validation. In a skill-generation context, this can mislead users and downstream agents into trusting fabricated or stale research results, producing unsafe or noncompliant skills while presenting them as standards-based.

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The top-level description states the script executes a comprehensive official 5-step research flow, but the implementation is entirely simulated with fixed outputs and no real external consultation. This is dangerous because the skill may be used to generate or modify other skills under a false assurance of due diligence, increasing the chance of insecure design choices, policy bypasses, or operational mistakes.

Missing User Warnings

Medium
Confidence: 87%
Finding
The README states that the skill will automatically perform comprehensive research when triggered, but it does not disclose that this may involve external lookups or network access. That lack of transparency can cause unintended data exposure, surprise outbound requests, or policy violations in environments where external research must be explicitly approved.

Vague Triggers

High
Confidence: 95%
Finding
The activation condition is extremely broad, matching many generic phrases about creating skills, which can cause the skill to auto-trigger in situations the user did not intend. Because the skill then mandates a multi-step external research and generation flow, broad triggering can lead to unreviewed tool use, prompt hijacking of unrelated conversations, and unsafe creation of high-capability skills.

Vague Triggers

Medium
Confidence: 88%
Finding
The repeated 'When to use' guidance reinforces broad trigger phrases without defining boundaries, exclusions, or safe handling rules. This increases the chance of accidental invocation and makes the skill more likely to override normal assistant behavior for loosely related queries, amplifying the impact of any unsafe downstream instructions.

Vague Triggers

High
Confidence: 95%
Finding
The documented trigger phrases are broad and generic, including common wording like '写skill' and '创建技能', which can cause the skill to activate during unrelated user requests. In a skill that performs research flow, network access, and skill generation, unintended activation can lead to unexpected external queries, prompt hijacking exposure, or generation of outputs the user did not explicitly request.

Missing User Warnings

Medium
Confidence: 88%
Finding
The file states that the skill requires network access and may use additional API credentials, but it does not clearly warn users what data may be transmitted externally or when credentials are needed. For a skill that processes arbitrary user requests about creating or modifying other skills, this can expose sensitive prompts, repository contents, or metadata to third-party services without informed consent.

VirusTotal

63/63 vendors flagged this skill as clean.