Security audit

Huo15 Claw Butler File Delivery

Security checks across malware telemetry and agentic risk

Overview

This skill is a narrow file-delivery helper for sending user-requested generated files to a paired Claw Butler client.

Install this if you use Claw Butler and want reliable delivery of files generated during a session. Before use, make sure the file is actually intended for that paired client, and be careful with large-file URL delivery because externally hosted links may expose the file outside the chat system.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger list includes very common phrases such as '下载', 'send me the file', and 'why is it just a link', which can match many ordinary conversations and cause the skill to activate outside its intended scope. Because this skill instructs the agent to deliver files to a paired client, over-broad activation can lead to unintended file transmission or misrouting of sensitive outputs.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal