Skill Review Pro

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed skill-review tool with an optional, user-confirmed fix workflow, not a hidden or automatic modifier.

Install only if you are comfortable with a skill that can read local Skill files and, when you explicitly proceed through its fix workflow, edit the selected Skill. Review the proposed diffs before approving fixes, especially when using broad prompts like "improve" or "enhance".

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%

Finding: The manifest frames the skill as a static reviewer, but the body also includes fix execution and direct modification workflows. This capability mismatch can cause users or calling systems to grant broader trust than intended, and can lead to unintended file changes when the skill is invoked for what appears to be read-only analysis.

Intent-Code Divergence

Severity: High
Confidence: 97%

Finding: The Chinese responsibility boundary states that the skill must not modify the target Skill, but later sections instruct it to execute fixes. Contradictory safety boundaries are dangerous because downstream agents may follow the more operational instruction and perform writes despite an apparent non-modification guarantee.

Intent-Code Divergence

Severity: High
Confidence: 97%

Finding: The English section repeats the same contradiction: 'Never modify the target Skill' is followed by explicit fix execution workflows. In bilingual skills, inconsistent or conflicting operating rules increase the chance of unsafe behavior because the model may privilege the later procedural instructions over the earlier boundary.

Vague Triggers

Severity: Medium
Confidence: 90%

Finding: The trigger phrases are broad and overlap with ordinary review or improvement requests, making accidental activation likely. In a skill that can transition from review into fix workflows, loose matching increases the risk of invoking higher-impact behavior without the user clearly intending it.

Vague Triggers

Severity: Medium
Confidence: 94%

Finding: The fix-related modes can be triggered by generic words like 'improve' or 'directly fix', which are common in harmless discussion. Because these phrases can switch the skill into a repair workflow, ambiguous activation creates a pathway from advisory interaction to modification-oriented behavior without sufficiently explicit consent.

VirusTotal

63/63 vendors flagged this skill as clean.