Skill Creator

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent for creating and evaluating skills, but its local review tooling has under-disclosed side effects that can affect the user's machine.

Install only if you are comfortable with a skill that can create and modify other skills, run Claude CLI evaluations using your existing session, and generate local review pages. Avoid running the viewer on a port used by important local services, prefer the static report mode when possible, and do not include secrets or proprietary content in eval prompts or skill files unless you are comfortable sending that content through Claude and possibly storing it in local reports/logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding
The script forcibly terminates whatever process is listening on the requested port before starting its own server, without verifying ownership, purpose, or requesting confirmation. This can kill unrelated local services or developer tooling and cause denial of service or data loss if the terminated process was important.
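The safer alternative to killing whatever holds the port is to bind the requested port only if it is free and otherwise fall back to an ephemeral one, leaving the existing listener untouched. The following is an added example written for this review, not the skill's own viewer code; `kill_port_listener_unsafe` is a reconstruction of the pattern the finding describes (using `lsof -ti`), included only for contrast, and `demo` holds a socket itself so the scenario runs offline.

```python
import os
import signal
import socket
import subprocess

HOST = "127.0.0.1"


def port_is_free(port: int, host: str = HOST) -> bool:
    """Try to bind the port ourselves; failure means someone else holds it.
    This touches nothing that is already running."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError:
            return False
        return True


def choose_port(preferred: int, host: str = HOST) -> int:
    """Honour the requested port only if it is free; otherwise let the kernel
    hand out an ephemeral one. The existing listener is left alone, and the
    caller should print the port actually used so the user can find the viewer."""
    if port_is_free(preferred, host):
        return preferred
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def kill_port_listener_unsafe(port: int) -> None:
    """The pattern the finding describes, reconstructed for contrast (not the
    skill's actual code): look up whoever has the TCP port open and SIGKILL it.
    Do not use this: it cannot tell a database, an IDE, or a previous instance
    of this very tool apart, and lsof -ti also returns client-side PIDs."""
    out = subprocess.run(["lsof", "-ti", f"tcp:{port}"], capture_output=True, text=True)
    for pid in out.stdout.split():
        os.kill(int(pid), signal.SIGKILL)


def demo() -> dict:
    """Constructed scenario: hold a listening socket, then ask choose_port for
    that same port. The listener must survive and a different port must come back."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as held:
        held.bind((HOST, 0))
        held.listen(1)
        busy = held.getsockname()[1]
        chosen = choose_port(busy)
        listener_survived = not port_is_free(busy)
    # Once the holder releases the port, the preferred port is honoured again.
    regained = choose_port(busy) == busy
    return {
        "busy": busy,
        "chosen": chosen,
        "listener_survived": listener_survived,
        "regained": regained,
    }


if __name__ == "__main__":
    print(demo())
```

If the tool genuinely must reclaim a port from a previous instance of itself, the check should be ownership-based (for example a PID file written by the earlier run and compared against the listener's PID), never "whatever is listening".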

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding
This viewer pulls fonts from Google and the SheetJS library from a CDN at runtime, which creates unnecessary third-party network access for a local review tool. If those external resources are unavailable, modified, or monitored, they can leak reviewer metadata and usage patterns or enable supply-chain compromise of the review interface.
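A practical check for this class of problem is to parse the generated report and list every `<script src>` and `<link href>` that resolves off the local filesystem, noting whether Subresource Integrity is set. The following is an added example for this review, not part of the skill; `SAMPLE_REPORT_HTML` is a constructed stand-in for a generated viewer page, and the CDN hostname in it is illustrative rather than the one the skill actually uses.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed stand-in for a generated review page: a Google Fonts stylesheet,
# a spreadsheet library pulled from a CDN, and one local script. The CDN host
# is a placeholder, not taken from the skill's real viewer.
SAMPLE_REPORT_HTML = """
<html><head>
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Inter&display=swap">
<script src="https://cdn.example.net/xlsx/0.0.0/xlsx.full.min.js"></script>
<script src="./assets/report.js"></script>
</head><body><table id="results"></table></body></html>
"""


class ExternalResourceAuditor(HTMLParser):
    """Collects every script/link reference that triggers a network fetch at view time."""

    def __init__(self) -> None:
        super().__init__()
        self.external: list[dict] = []

    def handle_starttag(self, tag: str, attrs: list) -> None:
        a = dict(attrs)
        if tag == "script":
            url = a.get("src")
        elif tag == "link":
            url = a.get("href")
        else:
            url = None
        if not url:
            return
        parsed = urlparse(url)
        # Absolute http(s) or protocol-relative (//host/...) leaves the machine;
        # relative paths stay inside the report directory.
        if parsed.scheme in ("http", "https") or url.startswith("//"):
            self.external.append({
                "tag": tag,
                "rel": a.get("rel"),
                "host": parsed.netloc,
                "url": url,
                "has_integrity": "integrity" in a,
            })


def audit_external_resources(html: str) -> list[dict]:
    """Return every off-host resource the page would load."""
    p = ExternalResourceAuditor()
    p.feed(html)
    p.close()
    return p.external


def missing_sri(html: str) -> list[str]:
    """Off-host scripts and stylesheets that the browser cannot pin to a known hash."""
    return [
        e["url"] for e in audit_external_resources(html)
        if e["tag"] == "script" or (e["tag"] == "link" and e["rel"] == "stylesheet")
        if not e["has_integrity"]
    ]


def is_offline_safe(html: str) -> bool:
    """A local review tool should render identically with the network unplugged."""
    return not audit_external_resources(html)


if __name__ == "__main__":
    for e in audit_external_resources(SAMPLE_REPORT_HTML):
        print(f'{e["tag"]:6} {e["host"]:24} integrity={e["has_integrity"]}')
    print("offline safe:", is_offline_safe(SAMPLE_REPORT_HTML))
```

For a tool that only ever runs against local data, the right fix is to vendor the library and the font files into the report directory; SRI is the fallback where a third-party fetch is unavoidable, and it does not help for font CSS that varies per user agent.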

Vague Triggers

Severity: High
Confidence: 94%
Finding
The skill explicitly tells authors to make descriptions 'pushy' and to trigger even when users do not explicitly ask for the capability. In a skill whose purpose is to create or modify other skills and run scripts, overbroad triggering can cause unintended activation on ordinary requests, leading to unnecessary code execution, file modifications, benchmark runs, and browser/viewer launch behavior.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The script builds a prompt containing full skill content, eval queries, prior attempts, and result history, then forwards it to an external `claude -p` process without any explicit consent gate or minimization. If skill files, eval prompts, or history contain proprietary code, secrets, or sensitive user data, this can cause unintended disclosure to an external model backend.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The script stores full prompts, model responses, and derived descriptions in transcript logs and may print descriptions and scores to stderr in verbose mode. Those logs can persist sensitive skill contents, eval queries, or model-generated data on disk or in CI logs where other users or systems may access them.
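The two findings above share one remedy: scrub secret-shaped values and gate on consent before a prompt is assembled, and apply the same scrub plus owner-only file permissions before anything is written to a transcript. The following is an added example written for this review, not the skill's own eval or logging code. It only builds the string that a `claude -p` call would receive and does not invoke any model; `SECRET_PATTERNS` and `SAMPLE_SKILL` are constructed, every credential in them is fake, and the pattern list is a starting point to extend for your environment.

```python
import json
import os
import re
import tempfile
from pathlib import Path

# Secret shapes to scrub before text leaves the machine or reaches a log.
# Constructed for this example; extend for your own environment.
SECRET_PATTERNS = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private_key_block", re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S)),
    ("bearer_token", re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/=-]{20,}")),
    ("credential_assignment", re.compile(
        r"(?i)\b(api[_-]?key|secret|password|passwd|token)\b(\s*[:=]\s*)(['\"]?)([^\s'\"]{8,})\3")),
]


def redact_secrets(text: str) -> tuple[str, int]:
    """Replace secret-looking spans with a marker; return the text and the hit count."""
    total = 0
    for name, pat in SECRET_PATTERNS:
        if name == "credential_assignment":
            # Keep the key name and separator so the context stays readable.
            text, n = pat.subn(lambda m, n=name: f"{m.group(1)}{m.group(2)}[REDACTED:{n}]", text)
        else:
            text, n = pat.subn(f"[REDACTED:{name}]", text)
        total += n
    return text, total


class ConsentRequired(RuntimeError):
    """Raised when the caller has not confirmed that skill content may leave the machine."""


def build_eval_prompt(skill_text: str, queries: list[str], history: list[str],
                      *, consent: bool, include_history: bool = False) -> tuple[str, dict]:
    """Assemble the prompt an external model would receive. Refuses without explicit
    consent, omits prior attempts unless asked (minimization), and redacts secrets."""
    if not consent:
        raise ConsentRequired("skill content and eval queries would be sent to an external "
                              "model; pass consent=True to proceed")
    parts = ["# Skill under evaluation", skill_text, "# Eval queries", *queries]
    if include_history:
        parts += ["# Prior attempts", *history]
    else:
        parts.append(f"# Prior attempts: {len(history)} omitted (minimization)")
    prompt, n = redact_secrets("\n".join(parts))
    return prompt, {"redactions": n, "history_included": include_history}


def write_transcript(path: Path, record: dict) -> Path:
    """Persist a transcript with string fields scrubbed and 0600 permissions, so a
    shared disk or CI artifact store never receives raw skill content."""
    safe = {k: redact_secrets(v)[0] if isinstance(v, str) else v for k, v in record.items()}
    path.parent.mkdir(parents=True, exist_ok=True)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        json.dump(safe, f, indent=2)
    return path


# Constructed SKILL.md fragment with the kinds of values that must never reach a
# model backend or a log. Every credential below is fake.
SAMPLE_SKILL = """\
# Report skill (constructed)
Call the internal API at https://api.example.internal.
api_key = "sk_live_CONSTRUCTED_0123456789"
AWS_ACCESS_KEY_ID=AKIAEXAMPLE000000001
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.CONSTRUCTED.payload-signature
"""


def demo() -> dict:
    """Run the gate, the redaction and the transcript write against the sample."""
    try:
        build_eval_prompt(SAMPLE_SKILL, [], [], consent=False)
        gate_blocks = False
    except ConsentRequired:
        gate_blocks = True
    prompt, meta = build_eval_prompt(SAMPLE_SKILL, ["Summarize Q3 revenue"],
                                     ["attempt 1 failed"], consent=True)
    with tempfile.TemporaryDirectory() as d:
        p = write_transcript(Path(d) / "transcripts" / "run1.json",
                             {"prompt": SAMPLE_SKILL, "score": 0.8})
        on_disk = p.read_text()
        mode = p.stat().st_mode & 0o777
    return {"prompt": prompt, "redactions": meta["redactions"],
            "history_included": meta["history_included"], "gate_blocks": gate_blocks,
            "secret_in_prompt": "sk_live_CONSTRUCTED" in prompt,
            "secret_on_disk": "AKIAEXAMPLE" in on_disk, "mode": mode}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Regex-based scrubbing is a backstop, not a guarantee: the more durable control is to keep credentials out of skill files and eval prompts entirely, and to make history inclusion and verbose stderr output opt-in per run.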

Missing User Warnings

Severity: Low
Confidence: 86%
Finding
The script automatically opens a generated HTML report in the user's default browser without explicit consent. While the report content appears to be locally generated, an automatic browser launch can surprise users, leak activity to external handlers or synced browser profiles, and create an unnecessary side effect that is risky in automation, headless, or privileged environments.

VirusTotal

65/65 vendors flagged this skill as clean.
