Brainstorming

Security checks across malware telemetry and agentic risk

Overview

This planning skill is coherent and not malicious, but it can read project context and save/commit a design document after the brainstorming flow.

Install this if you want a structured design-first workflow. Before using it, expect the agent to inspect the current repository and, after design validation, potentially create docs/plans/YYYY-MM-DD-<topic>-design.md and commit it. Ask the agent to confirm the exact file path and git commit before it makes repository changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding: The skill is presented as a pre-implementation brainstorming aid, but it also directs the agent to write files and commit to git. That mismatch can cause users or orchestrators to invoke a seemingly low-risk planning skill that performs repository mutations, increasing the chance of unintended changes and abuse through prompt-triggered side effects.

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding: Committing to git is not necessary for brainstorming itself and grants a persistence mechanism beyond the stated design purpose. Even if the content is benign, automatic commits can create misleading history, persist unwanted artifacts, or be chained with other behaviors to smuggle changes into a repository under the guise of planning.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding: The mandatory trigger for 'any creative work' is overly broad and ambiguous, making this skill likely to activate in many normal development contexts. In combination with the write/commit instructions, broad activation expands the attack surface by causing a high frequency of unintended invocation of a skill that can modify project state.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The skill instructs writing a design document and committing it to git without warning the user that the repository will be modified. Hidden state changes are dangerous because users may believe they are only having a discussion, while the agent persists files and alters version control history without explicit consent.

VirusTotal

63/63 vendors flagged this skill as clean.