Sign-Off

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed signature/customization helper with only low-impact local persistence concerns.

Install this if you want every completed AI response to end with a persistent signature. Keep sign-off.json limited to harmless display text, review it after changing styles or templates, and avoid weather-based variables unless you are comfortable with possible location-based lookup behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill authorizes modifying `sign-off.json` based solely on a user's conversational request, expanding a simple output-formatting skill into workspace state mutation. That creates an unexpected write primitive in response to natural-language input, which can be abused for unauthorized or silent configuration changes.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
Allowing template installation from `templates/` and merging into `sign-off.json` introduces file-read and configuration-management behavior unrelated to merely appending a signature. This broadens the attack surface because a prompt can trigger persistent config changes and trust content from local template files without clear validation boundaries.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The documented use of a weather API to populate signature variables adds network access that is unnecessary for a sign-off formatting feature. Unneeded outbound requests can leak timing, context, or location-related metadata and create opportunities for unintended data exposure or dependency abuse.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill instructs the agent to update `sign-off.json` based on conversational input and to merge preset templates from `templates/` into that workspace configuration, but it does not require explicit confirmation, preview, or scope limits before modifying files. Any capability that writes to the workspace from natural-language prompts can be abused to create persistent behavior changes, especially because this skill runs broadly at the end of responses and the configuration influences future outputs.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill instructs the agent to update `sign-off.json` without requiring a user-facing warning that a workspace file will be modified. Silent persistence is dangerous because users may believe they are making a temporary stylistic request when they are actually changing stored configuration.

Missing User Warnings

Medium
Confidence: 95%
Finding
Reading templates and merging them into `sign-off.json` without warning hides the fact that preset installation changes existing persistent configuration. This can cause unexpected overwrites or cumulative state changes that the user did not clearly authorize.

VirusTotal

65/65 vendors flagged this skill as clean.
