system-repair-expert

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate repair helper, but it can expose sensitive troubleshooting details through external searches and memory persistence without clear consent or redaction controls.

Review before installing. Use it only when external search and memory-based troubleshooting are acceptable. Do not paste secrets, tokens, customer data, private hostnames, or full configuration files unless you have scrubbed them first. Ask the agent not to save troubleshooting details unless you explicitly want that, and manually review any proposed new skill or repair command before it is created or run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (11)

Vague Triggers

Low
Confidence: 87%
Finding
The manifest description presents the skill as a broad 'system repair expert' without defining clear activation triggers, boundaries, or excluded tasks. In a system-tools skill with internet access, file-system read, and memory recall, this ambiguity can cause overbroad invocation and encourage the agent to act on sensitive troubleshooting or repair requests outside a narrowly intended scope.

Natural-Language Policy Violations

Medium
Confidence: 95%
Finding
The description is written entirely in Chinese and effectively fixes the skill's behavior presentation to one language without indicating multilingual support or user choice. This can cause users or orchestrators expecting another language to misunderstand the scope, instructions, and safety constraints, increasing the chance of incorrect activation or unsafe use.

Vague Triggers

Medium
Confidence: 90%
Finding
The invocation guidance is broad enough that the skill could be triggered for nearly any 'system, software, configuration, or error' issue, which increases the chance of unintended activation. In an agent environment, overbroad routing can expose users to irrelevant or risky automated repair advice, especially when the skill is described as automatically performing diagnostic and repair suggestions using external search and memory tools.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger condition activates on essentially any system, software, configuration, or error-fix request, making accidental invocation likely. In a troubleshooting skill that can search external sources, query memory, and eventually suggest scripts, overbroad activation increases the chance of collecting sensitive context or steering users into a rigid workflow when they did not intend to invoke this specialized behavior.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill declares memory-system integration but does not warn users that troubleshooting inputs may be retained. Because repair workflows commonly include logs, configs, hostnames, tokens, paths, and environment details, silent retention creates a privacy and data-governance risk and can expose sensitive operational information beyond the current session.

Vague Triggers

Medium
Confidence: 88%
Finding
The skill is advertised for very broad categories of 'system, software, configuration, or error problems,' which overlaps heavily with ordinary troubleshooting requests and can cause over-invocation in contexts where the agent may gather sensitive logs, browse external sources, or suggest risky actions. In this skill's context, that broad trigger is more dangerous because later steps explicitly include searching GitHub and potentially writing repair scripts, expanding the blast radius from simple advice to network access and code generation.

Missing User Warnings

Medium
Confidence: 95%
Finding
The guide says the skill will search official documentation, search GitHub, and as a last resort write a one-off fix script, but it does not clearly warn about network access, untrusted third-party content, or the risks of generating executable remediation steps. This is dangerous because users may provide sensitive system details without realizing they could be used in external queries, and community-sourced solutions or generated scripts can introduce supply-chain, prompt-injection, or destructive-command risks.

Missing User Warnings

Medium
Confidence: 92%
Finding
The function sends a query derived from the user-provided problem description to an external web search service. Problem descriptions in a repair workflow can easily contain sensitive operational details, file paths, hostnames, credentials, or proprietary context, so transmitting them off-box without explicit disclosure or consent creates a real privacy and data-leakage risk.

Missing User Warnings

Medium
Confidence: 93%
Finding
This code forwards the user-supplied problem description to an external search provider for GitHub-focused searching. Even though the destination is framed as searching GitHub solutions, the actual transmission still exposes potentially sensitive incident or system details to a third party, which is especially risky in troubleshooting and repair contexts.

Missing User Warnings

Medium
Confidence: 91%
Finding
The ClawdHub skill search also transmits user-derived query content to an external search service without notice. In this skill's context, users may assume they are interacting locally with a repair workflow, so silent external transmission increases the likelihood of unintentionally leaking sensitive environment details, internal project names, or incident information.

Ssd 3

Medium
Confidence: 97%
Finding
The instruction to store the repair process and results in memory is dangerous because troubleshooting sessions often contain sensitive logs, configuration fragments, environment variables, file paths, usernames, internal topology, and sometimes credentials. Persisting this material creates a durable data-exposure surface and increases the blast radius of any later memory access, leakage, or misuse.

VirusTotal

66/66 vendors flagged this skill as clean.
