PRD to Prototype

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent PRD-to-prototype generator, but it can auto-activate broadly, write workspace files immediately, and optionally deploy generated prototypes without a separate publish confirmation.

Install only if you want an opinionated, automatic prototyping workflow. Review the generated PRD before continuing, avoid confidential product details if deployment tools may publish a preview, and prefer explicit confirmation before allowing prototype generation or deployment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

High
Confidence: 96%
Finding
The trigger condition is extremely broad: any product idea, need, pain point, or creative concept can activate the skill. That creates a prompt-squatting risk where ordinary conversation is unexpectedly intercepted, causing the agent to take over the interaction and begin writing files or steering workflow without clear user intent for this specific skill.

Vague Triggers

High
Confidence: 95%
Finding
The manifest description advertises vague trigger examples like '我想做一个...' and '帮我设计...', which are common in normal conversation and overlap with many unrelated design or brainstorming requests. In a skill-routing system, this increases the chance of unintended invocation and privilege use beyond what the user expected.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill instructs writing `/workspace/docs/prd.md` immediately and automatically, but gives no user-facing warning that local files will be created or modified. This weakens user consent and can lead to unexpected workspace changes, especially when activation may already be too broad.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill proceeds to create files under `/workspace/prototype/` and may deploy the prototype if tooling is available, without an explicit warning or consent for either local changes or publication. Deployment materially increases risk because generated content or embedded assets could become externally accessible without the user realizing it.

VirusTotal

66/66 vendors flagged this skill as clean.
