tinker-rlskill

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be legitimate Tinker operational guidance, but it includes high-impact sharing and deletion workflows without enough safety scoping.

Install only if you intend to let the agent help with Tinker checkpoint and training operations. Before running any suggested delete, publish, public, push-hf, or W&B command, verify the exact target, repository visibility, credentials, ownership, license, and whether the checkpoint or logs contain sensitive or proprietary data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Severity: High
Confidence: 94%
Finding: The skill explicitly says to trigger even when a user merely mentions "tinker" in passing, which creates unnecessary activation and increases the chance the agent injects operational guidance into unrelated conversations. Over-broad routing is dangerous because it can cause unintended execution-adjacent assistance for sensitive actions like checkpoint deletion, publication, or external pushes when the user's intent is ambiguous.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: The file documents irreversible checkpoint deletion commands, including bulk deletion with filters and automatic confirmation flags, without any warning or confirmation guidance. In an agent setting, omission of safety language around destructive operations raises the risk of accidental data loss or overbroad deletion if commands are repeated or adapted without careful review.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding: The skill explains how to publish checkpoints publicly and push them to HuggingFace without warning about confidentiality, licensing, embedded secrets, or model/data governance concerns. This can normalize disclosure actions that may expose proprietary weights, adapters, or artifacts to unintended audiences.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The publish/unpublish command changes a checkpoint's accessibility to public, but the reference does not explicitly warn that model artifacts may contain proprietary weights, embedded sensitive data, or other internal assets. In a skill meant to guide operational CLI usage, this omission increases the chance of accidental data exposure by users who may treat the action as routine metadata management rather than external sharing.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The push-hf command uploads checkpoint contents to HuggingFace Hub, which is an external third-party service, but the documentation does not clearly warn that this transmits model files and possibly metadata outside the Tinker environment. Because this skill is designed to operationalize checkpoint handling, the omission can directly contribute to unintended exfiltration of proprietary or sensitive model artifacts.

Missing User Warnings

Severity: Medium
Confidence: 81%
Finding: The documentation recommends enabling Weights & Biases logging without warning that training metadata may be transmitted to a third-party service. In a model-training context, run names, configs, metrics, prompts, file paths, or other metadata can unintentionally expose sensitive project details or regulated data if users enable remote logging without understanding the privacy implications.

VirusTotal

64/64 vendors flagged this skill as clean.
