Software Manager Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent product-management helper with disclosed web research, local reference use, and optional export scripts; I found no hidden credential use, persistence, purchases, or destructive behavior.

Install only if you are comfortable with product details being used in web searches, optional Node/Python package installs for export features, and user-directed file writes. Choose export paths carefully and review generated documents or H5 prototypes before sharing; the H5 instructions contain mixed claims about zero external dependencies versus Tailwind CDN use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Output Handling: Unvalidated Output Injection, Cross-Context Output, Unbounded Output
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 87%
Finding:
The trigger list is broad enough that the skill may activate for generic product, agile, or documentation queries without clear user intent to invoke this capability. In an agent environment, over-broad activation can cause unintended use of web search and local document access, expanding data exposure and causing the model to take actions the user did not explicitly request.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The README advertises multi-source search and local knowledge-base access but does not clearly warn users that the skill may read local files and query the network as part of its workflow. This undermines informed consent and can lead to privacy or data-handling surprises, especially if prompts or generated content include sensitive business information.

Missing User Warnings

Severity: Low
Confidence: 86%
Finding:
The workflow explicitly performs network searches, but the description does not warn users that external queries may be made. This matters because user prompts may contain sensitive project details, and sending them to search or fetch tools without clear notice can leak confidential information.

Unvalidated Output Injection

Severity: High
Category: Output Handling
Content:
            os.unlink(mmd_path)
            return False

        result = subprocess.run(
            ['node', mm_script, mmd_path, output_path],
            capture_output=True, timeout=60
        )
Confidence: 80%
Finding:
subprocess.run( ['node', mm_script, mmd_path, output_path], capture_output

VirusTotal

65/65 vendors flagged this skill as clean.
