Security audit

Ai Intelligent Knowledge Qa

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent as a knowledge Q&A product, but it asks users to clone and run unpinned external Python code while under-declaring expected GPT, channel, data, and credential requirements.

Review this carefully before installing. Do not run the clone/pip/python commands with production credentials or sensitive knowledge sources until the external repository, requirements.txt, app.py, required environment variables, data retention behavior, and channel access controls are documented and reviewed. Prefer running it in an isolated environment pinned to a specific commit or release.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 89%
Finding
The skill description and feature list are very broad and do not define clear activation boundaries, data sources, or permitted operations. In an agent ecosystem, this can cause overbroad invocation and unintended handling of sensitive enterprise knowledge, customer queries, or externally sourced prompts, increasing the risk of data exposure and misuse.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation advertises GPT integration and multi-channel access but provides no warning about external API transmission, retention, or the movement of user data across web, WeChat, and API channels. This is dangerous because users or operators may unknowingly send confidential or regulated information to third-party AI providers or expose it through improperly governed channel integrations.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.