Skill Test Skill

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill auditor. Its broad file reading is disclosed and consistent with its stated purpose, but users should avoid pointing it at directories that may contain secrets.

Install only if you want an agent to audit skill directories. When using it, provide a narrow skill folder or a sanitized copy, not a whole workspace, home directory, or repository containing API keys, private configs, credentials, or unrelated proprietary files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: High
Confidence: 92%
Finding:
The suggested trigger condition is overly broad and says the skill must activate whenever any time-related words appear. In an agent environment, this can cause inappropriate invocation, expand the skill's influence into unrelated tasks, and increase the attack surface for prompt hijacking or workflow interference.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding:
The example trigger phrases are broad enough that the skill may activate during ordinary conversation about reviewing or discussing skills, even when the user did not intend to invoke this specific tool. Overbroad triggering can cause inappropriate skill selection, unnecessary file/repo access, and confusion or unsafe downstream behavior if the agent analyzes unintended paths or content.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The skill directs the agent to recursively read every file in a local directory or fetch every file from a GitHub URL, with no filtering, minimization, or warning about secrets and unrelated sensitive content. In practice, this can cause unnecessary exposure of credentials, personal data, or proprietary files to the model context when a user provides a broad path or repository, especially if the repository contains non-skill materials.
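The finding above, and the earlier advice to hand the auditor a narrow skill folder or a sanitized copy rather than a whole workspace, both come down to the same control: filter and minimize what reaches the model context before the audit runs. The example below is an added illustration written for this page; it is not code from the skill, from SkillSpector, or from NVIDIA. It builds a sanitized copy of a skill directory by copying only plausible skill files (an assumed allow-list of text and script suffixes), skipping credential-style file names and directories such as `.git`, and refusing any file whose content matches a few constructed secret-shaped patterns. The `demo()` function creates a small constructed skill folder with planted secrets so the whole thing runs offline; the file names, patterns and size limit are assumptions, not anything the page specifies.

```python
from __future__ import annotations

import os
import re
import shutil
import tempfile
from pathlib import Path

# Assumed allow-list: the file types a skill auditor actually needs to read.
ALLOWED_SUFFIXES = {".md", ".txt", ".json", ".yaml", ".yml", ".py", ".sh"}

# File names and directories that commonly hold credentials or unrelated bulk
# (assumption: these are never part of a skill definition).
DENY_NAMES = {".env", ".netrc", "id_rsa", "id_ed25519", ".npmrc", ".pypirc"}
DENY_DIRS = {".git", "node_modules", ".venv", "__pycache__"}

# Constructed, deliberately small set of secret-shaped patterns; a real
# deployment would use a dedicated secret scanner instead.
SECRET_PATTERNS = [
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),                      # AWS access key id shape
    re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),                   # GitHub PAT shape
    re.compile(r"\b(?:api|secret|access)[_-]?key\b[\"']?\s*[:=]\s*[\"']?\S{8,}", re.I),
]

MAX_BYTES = 64 * 1024  # assumed cap; skill files larger than this are suspicious


def classify(path: Path, root: Path) -> tuple[str, str]:
    """Decide whether one file may be forwarded to the model: ('copy'|'skip', reason)."""
    rel = path.relative_to(root)
    if any(part in DENY_DIRS for part in rel.parts):
        return "skip", "denied directory"
    if path.name in DENY_NAMES or path.name.startswith(".env."):
        return "skip", "credential file name"
    if path.suffix.lower() not in ALLOWED_SUFFIXES:
        return "skip", "non-skill file type"
    if path.stat().st_size > MAX_BYTES:
        return "skip", "oversized"
    try:
        text = path.read_text(encoding="utf-8")
    except UnicodeDecodeError:
        return "skip", "binary content"
    if any(pat.search(text) for pat in SECRET_PATTERNS):
        return "skip", "secret-like content"
    return "copy", "ok"


def sanitize_skill_dir(src: os.PathLike | str, dst: os.PathLike | str) -> dict[str, list[str]]:
    """Copy only audit-relevant files from src into dst and return what was kept/dropped."""
    root, out = Path(src), Path(dst)
    report: dict[str, list[str]] = {"copied": [], "skipped": []}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        decision, reason = classify(path, root)
        rel = path.relative_to(root).as_posix()
        if decision == "copy":
            target = out / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, target)
            report["copied"].append(rel)
        else:
            report["skipped"].append(f"{rel}: {reason}")
    return report


def demo() -> dict[str, list[str]]:
    """Constructed skill folder with planted secrets, sanitized into a sibling directory."""
    work = Path(tempfile.mkdtemp(prefix="skill-audit-"))
    src = work / "skill"
    (src / "scripts").mkdir(parents=True)
    (src / ".git").mkdir()
    (src / "SKILL.md").write_text("# Skill Test Skill\nAudit skill directories.\n")
    (src / "scripts" / "run.py").write_text("print('audit')\n")
    (src / ".env").write_text("OPENAI_API_KEY=sk-constructed-not-real\n")           # planted
    (src / "config.json").write_text('{"api_key": "AKIA' + "A" * 16 + '"}\n')       # planted
    (src / ".git" / "HEAD").write_text("ref: refs/heads/main\n")
    (src / "notes.pdf").write_bytes(b"%PDF-1.4 constructed")
    return sanitize_skill_dir(src, work / "sanitized")


if __name__ == "__main__":
    for key, entries in demo().items():
        print(key, *entries, sep="\n  ")
```

Point the auditor at the `sanitized` directory rather than the original, and review the `skipped` list: a legitimate skill should lose nothing but noise, so an unexpected skip is itself a signal worth looking at before the audit runs.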

VirusTotal

62/62 vendors reported this skill as clean.
