Auto Create Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed skill generator, but it can persist future auto-triggering agent behavior, and its templates encourage broad triggers and automated repository actions that deserve careful review.

Install only if you want an agent to create and modify persistent skills. Before accepting any generated skill, review the exact files, paths, trigger phrases, and any steps that edit code, delete files, commit, or push; add explicit confirmations for those high-impact actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

High
Confidence: 94%
Finding
The trigger guidance says to immediately use this skill for broad signals such as repeated behavior or vague automation intent, which makes accidental invocation likely. Because this skill can create and update persistent files and registries, over-triggering can lead to unintended skill generation, modification of existing assets, or unauthorized persistence from ordinary conversation.

Vague Triggers

Medium
Confidence: 89%
Finding
The instruction to make generated skills' descriptions 'as broad as possible' encourages downstream skills to overmatch future conversations. This compounds the risk of unintentional auto-activation across other skills, potentially causing cascading execution of workflows that read, write, or modify state without the user specifically invoking them.

Vague Triggers

Medium
Confidence: 95%
Finding
The template explicitly encourages authors to enumerate trigger phrases as broadly as possible, but does not require scope boundaries, exclusions, or disambiguation rules. In a skill auto-creation context, this increases the chance that future generated skills will activate on ambiguous user requests and perform actions the user did not clearly intend.

Vague Triggers

Medium
Confidence: 93%
Finding
The example trigger phrases '修复 BUG / 修 bug' are so broad that they can overlap with ordinary conversational requests or general coding help. Because this file is a reference template, such broad examples normalize unsafe trigger design and can propagate overbroad activation behavior into generated skills.

Missing User Warnings

Medium
Confidence: 89%
Finding
The example describes automated code modification and remote push behavior without prominently warning that the workflow changes the local repository and may publish changes to a remote. In an automation template, missing risk disclosure can cause users or downstream skill authors to treat destructive or externally visible actions as routine, reducing meaningful consent.

Missing User Warnings

Medium
Confidence: 91%
Finding
The branching example includes direct code changes and remote push steps across multiple paths, but lacks a consistent warning banner or mandatory approval language covering repository and remote-side effects. Because it is a reusable pattern, this omission can systematically produce workflows that perform high-impact operations without sufficiently explicit user awareness.

VirusTotal

63/63 vendors flagged this skill as clean.
