
Security audit

Skill Distill

Security checks across malware telemetry and agentic risk

Overview

The skill appears legitimate, but its publish workflow can upload project-derived files to ClawHub without enough in-skill warning or review guardrails.

Review the generated skill directory before publishing, especially for secrets, proprietary code, private paths, customer data, or identifying metadata. Treat `clawhub publish` as an external upload, and only run it after you understand exactly which files are included.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill instructs the agent to publish the generated skill to an external service (`clawhub publish`) without an explicit warning that local project content, metadata, or residual sensitive material may be transmitted off-host. In a skill specifically designed to distill local projects, this omission increases the risk of accidental data exfiltration if scanning or validation is incomplete or misunderstood.

Natural-Language Policy Violations

Medium
Confidence: 94%
Finding
The checklist explicitly requires frontmatter name/description to be English-only, which imposes an unnecessary language restriction without any documented technical or security justification. In a publishing/distillation skill, this can lead to exclusion of legitimate multilingual content and unsafe normalization behavior where users are pushed to alter metadata in ways that may misrepresent intent or reduce accessibility.

VirusTotal

66/66 vendors flagged this skill as clean.
