Defect Prevention Expert

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only QA review skill with no executable code or credential handling, but users should explicitly approve any knowledge-base edits it proposes.

Install this if you want structured QA and defect-prevention review. Treat its reports as advisory, and only allow it to edit checklists, examples, templates, or track follow-up tasks after you confirm the target files and approve the changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Medium (88% confidence)
Finding
The skill is presented as a review and defect-prevention expert, but the workflow expands into implementation guidance and post-review knowledge-base maintenance. That broadens the effective authority of the skill beyond analysis into operational and persistent actions, which can cause unintended side effects or make the skill act outside user intent.

Context-Inappropriate Capability

Medium (84% confidence)
Finding
Requiring the skill to track task completion after review extends it from analysis into workflow orchestration and ongoing state management. For a reporting-oriented skill, this can create unauthorized persistence, follow-up actions, or pressure to retain task state that the user did not request.

Context-Inappropriate Capability

Medium (93% confidence)
Finding
Stage 5 introduces coding and implementation guidance despite the manifest explicitly saying the skill is not for concrete code work. This mismatch can misroute users into receiving implementation advice from a skill that should remain review-focused, increasing the chance of overreach and unsafe or unauthorized code-generation behavior.

Context-Inappropriate Capability

Medium (94% confidence)
Finding
Phase 8 instructs the skill to modify local knowledge files and update persistent artifacts. A review/report skill should not assume write authority over repository content, because that can lead to unapproved file changes, prompt-scope expansion, and persistence of potentially incorrect or attacker-influenced information.

Vague Triggers

Medium (76% confidence)
Finding
The trigger keywords are broad enough to match many ordinary review requests, which can cause the skill to activate in contexts where it is not the best fit. Over-broad activation increases prompt-surface area and can lead to scope confusion or accidental use of this skill instead of a more constrained one.

VirusTotal

63/63 vendors flagged this skill as clean.