Academic Mentor

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent academic mentoring aid, with disclosed local setup and no evidence of hidden access, credential use, persistence, exfiltration, or destructive behavior.

Before installing, verify the actual Python package or repository because the reviewed bundle only includes SKILL.md and README.md while the docs reference installable code. Use generated proposals and literature-review text as drafts, templates, or feedback, not as work to submit unchanged, and only allow file exports after choosing the exact destination and confirming overwrites.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence: 91%
Finding
The skill’s academic-integrity section says not to write content, but earlier instructions explicitly direct the agent to generate full proposals, outlines, literature review text, and other substantive deliverables. This contradiction can lead the agent to produce ghostwritten academic material that users may submit as their own, creating integrity and policy risk even without malicious intent.

Missing User Warnings

Medium
Confidence: 80%
Finding
The skill tells the agent to offer saving generated materials to files without any explicit requirement for user confirmation, safe destination selection, or overwrite protection. In an agentic environment with file-write capabilities, this can result in unintended local file creation or overwriting user data.

Missing User Warnings

Medium
Confidence: 88%
Finding
The repeated encouragement to save or export materials normalizes file-writing behavior without clear user-facing warnings or confirmation steps. If implemented by an agent with filesystem access, this increases the chance of silent file creation, accidental overwrite, or placement of sensitive content in insecure locations.

VirusTotal

62/62 vendors flagged this skill as clean.
