Adaptive Problem Solver

Security checks across malware telemetry and agentic risk

Overview

This skill is not plainly malicious, but it is designed to generate workarounds after safety or permission blocks, including host-level alternatives, so users should review it carefully before installing.

Install only if you explicitly want an assistant that proposes alternatives after refusals or permission limits. Do not allow it to suggest host-machine commands, elevated privileges, environment-variable handling, or scripts unless a human reviews the exact steps and confirms authorization. Avoid entering secrets or sensitive operational details, and periodically clear or disable the local history/profile/log files if used.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (17)

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The skill claims to collaborate with security controls, but elsewhere explicitly promotes alternatives such as host execution and temporary privilege elevation when constrained environments block actions. In practice, this can normalize escalation paths that weaken isolation boundaries and encourage users or agents to move sensitive operations outside approved controls.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The document claims it will not bypass protocols, but elsewhere explicitly invites users to seek ways around security blocks. That contradiction is dangerous because it can normalize policy evasion under the label of 'workarounds' and cause the assistant to provide disallowed assistance while appearing compliant.

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The module is explicitly designed to propose alternatives when safety or permission restrictions block an action, including host-machine commands and environment-variable passing. In an agent skill context, this meaningfully increases the chance the system will assist with bypassing intended containment or policy boundaries rather than safely refusing.

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The wrapper is presented as a workflow integration layer, but it also persistently stores portions of user messages in logs and updates a per-user profile on disk. In an agent skill context, that creates a privacy and data-governance risk because potentially sensitive prompts, preferences, and behavioral data are retained without any visible consent, minimization, retention policy, or access controls.

Vague Triggers

Medium
Confidence: 82%
Finding
The automatic and manual triggers are broad enough to activate on many normal conversations about limitations. That can cause the skill to unexpectedly shift into workaround-generation mode, increasing the chance of unsafe assistance or policy-conflicted suggestions without clear user intent.

Missing User Warnings

Medium
Confidence: 91%
Finding
The guide says the system records user choices, feedback, preferences, and usage outcomes, but does not provide a clear notice, retention policy, or consent flow. This creates privacy and compliance risk because potentially sensitive behavioral data may be collected without transparency or minimization.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill writes execution history and user-profile data to local disk without notice, consent, retention policy, or access controls. This creates privacy risk because user feedback and behavioral preferences may contain sensitive operational or personal information that persists beyond the immediate session.

Ssd 4

Medium
Confidence: 97%
Finding
The skill repeatedly frames security restrictions, permission limits, and safety guardrails as obstacles requiring 'adaptive' alternatives, including workaround-oriented patterns and escalation options. Even without explicit exploit code, this creates a bypass mindset that can steer an agent toward unsafe delegation, staged circumvention, or policy erosion in contexts where guardrails are meant to stop harmful actions.

Ssd 3

Medium
Confidence: 91%
Finding
The learning component stores solution history, user feedback, execution timing, and preferences without any stated minimization, retention limit, consent model, or sensitivity filtering. This creates a realistic risk of accumulating personal, behavioral, or sensitive operational data that could later be exposed, misused, or repurposed beyond the user's expectations.

Ssd 1

High
Confidence: 98%
Finding
The stated goal is to make the assistant less likely to say 'cannot do' when constrained by safety protocols, which reframes safety boundaries as obstacles to be overcome. In a security context, that encourages policy circumvention behavior and can systematically push the assistant toward providing prohibited assistance in an alternative form.

Ssd 1

High
Confidence: 98%
Finding
This section says the system should detect when guardrails block a solvable request and then generate workaround options. That is a classic bypass-by-assistance pattern: the assistant may not perform the blocked act directly, but it can still materially enable the user to achieve it.

Ssd 3

Medium
Confidence: 90%
Finding
The guide directs persistent recording of user selections, feedback, preferences, and history without clear limits on scope or duration. This can lead to overcollection of sensitive behavioral data and creates unnecessary privacy, profiling, and retention risk.

Ssd 4

High
Confidence: 97%
Finding
The workflow explicitly instructs the system to analyze restrictions and then systematically generate multiple workaround options. That makes circumvention a built-in operating pattern rather than an edge case, increasing the likelihood of repeated unsafe guidance when users encounter safety or permission barriers.

Ssd 1

High
Confidence: 99%
Finding
The trigger phrase explicitly invites the user to ask whether there is a way around a security protocol block. This directly solicits guardrail circumvention and conditions the assistant to interpret safety refusals as prompts to help the user bypass them.

Ssd 1

High
Confidence: 98%
Finding
The stated goal is to avoid responding with refusal and instead generate workaround solutions under security-protocol constraints. In a safety-sensitive agent environment, this directly incentivizes circumvention behavior and can help users achieve blocked actions through indirect instructions, scripts, or staged guidance.

Ssd 4

Medium
Confidence: 95%
Finding
The solution library operationalizes circumvention by cataloging options for security and permission constraints, including host-machine execution and staged alternatives. This makes the risky behavior systematic and reusable, increasing the likelihood of policy evasion across many prompts rather than as an isolated edge case.

Ssd 3

Medium
Confidence: 93%
Finding
Persistent recording of feedback, timing, and solution history creates a retained behavioral dataset without minimization, sensitivity review, or explicit consent. In an agent skill, such logs can accumulate sensitive context about user operations and decisions, and become a secondary exposure point if the host is shared or compromised.

VirusTotal

65/65 vendors flagged this skill as clean.