AI Full-Stack Technical Interview Training Camp

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed interview-prep workflow, but users should be aware it can create GitHub Issues as part of organizing a question bank.

Install this only if you want an interview-prep assistant that can search external sources and organize practice questions as GitHub Issues. Before running the full workflow, confirm which repository should receive issues and ask for a preview or confirmation step if you do not want automatic issue creation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger list is broad and generic enough that the skill may activate during ordinary conversations about interviews, coding practice, or preparation, rather than only on explicit user intent to run this workflow. Because the skill chains into external search, scraping, card generation, and GitHub issue creation, accidental activation can cause unintended actions and data/workspace changes.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill description and usage flow indicate that it will create GitHub Issues as part of normal operation, but it does not clearly warn the user up front that repository-side effects will occur. In this context, the omission is more dangerous because issue creation is presented as an automatic workflow step, increasing the chance of surprise writes, repository clutter, or modification of the wrong workspace.

Vague Triggers

Medium
Confidence: 90%
Finding
The entry-point triggers are very broad natural-language phrases such as preparing for an interview or reviewing an answer, with no explicit confirmation, scoping, or authorization guard. This can cause unintended workflow activation, including external search, scraping, issue creation, and content generation, which is a genuine security and safety risk because user intent may be misinterpreted and side-effecting actions may occur without clear consent.

VirusTotal

64/64 vendors flagged this skill as clean.
