Security audit

Frontier Knowledge Digest

Security checks across malware telemetry and agentic risk

Overview

This skill searches public science and AI news and saves a local markdown digest, with the file-writing behavior disclosed in the skill body.

Install this if you want full science and AI briefings from public sources. Be aware that common requests like asking for AI news may invoke the full workflow, and tell the agent not to save or to use a different path if you only want the digest in chat.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding:
The manifest presents the skill as generating a digest, but the documented behavior also performs a filesystem write to a local path. This is a real scope mismatch because users and platforms may authorize an informational skill without expecting persistent local side effects, which can reduce transparency and consent.

Vague Triggers

Medium
Confidence: 78%
Finding:
The trigger phrases are broad enough to match common requests such as general science or AI news queries, increasing the chance of unintended invocation. In a skill that also performs web searches and may save output locally, accidental activation can lead to unnecessary external requests and unanticipated file creation.

Missing User Warnings

Medium
Confidence: 96%
Finding:
The skill explicitly instructs saving reports to a local filesystem path without warning the user or requiring consent. Unannounced local writes are dangerous because they create persistent artifacts, may overwrite existing files, and can violate user expectations for a read-only informational request.

VirusTotal

66/66 vendors flagged this skill as clean.