Agent Autonomy Kit 1.0.0

Security checks across malware telemetry and agentic risk

Overview

The skill is transparent about enabling autonomous agent work, but it needs review because it encourages unattended scheduled actions and persistent workspace edits without clear safety limits.

Install only if you intentionally want agents to work between prompts. Before enabling heartbeats or cron jobs, restrict writable paths, define approved task types, require human approval for destructive, financial, production, public-posting, or external actions, monitor token and channel usage, and verify the repository source.
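The checklist above (restrict writable paths, define approved task types, gate destructive, financial, production, public-posting and external actions behind human approval, and watch token usage) can be enforced in code rather than left to the agent's prompt. The following is an added example written for this page, not code shipped with the Agent Autonomy Kit or with SkillSpector: a small policy guard that an agent runtime would call before every scheduled action. The allowlisted directories (`memory`, `tasks`), the approved task types, the token budget and the crude token estimate are all assumptions chosen to match the files the findings below mention; the sample requests in `demo()` are constructed. The write guard resolves symlinks and `..` before checking containment, which is the part most home-grown "restrict writable paths" checks get wrong, and every write is recorded with before/after hashes so unattended edits stay auditable.

```python
"""Guardrails for an unattended agent (added example; assumptions marked)."""
from __future__ import annotations

import hashlib
import os
import tempfile
import time
from dataclasses import dataclass, field
from pathlib import Path

# Action classes that must never run without a human decision
# (taken from the overview checklist on this page).
APPROVAL_REQUIRED = {"destructive", "financial", "production", "public_posting", "external"}


@dataclass
class Policy:
    workspace: Path
    writable_dirs: tuple[str, ...] = ("memory", "tasks")          # assumed allowlist
    approved_tasks: frozenset[str] = frozenset({"research", "writing", "analysis"})  # assumed
    token_budget: int = 50_000                                     # assumed per-session cap
    tokens_used: int = 0
    audit_log: list[dict] = field(default_factory=list)

    def resolve_write(self, rel: str) -> Path:
        """Return the real path for `rel` if it lands inside an allowed directory.

        resolve() normalizes '..' and follows symlinks, so 'memory/../../etc/x' or a
        symlink planted inside memory/ that points outside the workspace is denied.
        An allowed directory that is itself a symlink is also denied (conservative).
        """
        ws = self.workspace.resolve()
        target = (ws / rel).resolve()
        allowed = [ws / d for d in self.writable_dirs]
        if not any(target == a or a in target.parents for a in allowed):
            raise PermissionError(f"write outside allowed dirs: {rel}")
        return target

    def decide(self, task_type: str, action_class: str, est_tokens: int) -> str:
        """Return 'allow', 'needs_approval' or 'deny' for a proposed action."""
        if task_type not in self.approved_tasks:
            return "deny"                       # task type never approved by the user
        if self.tokens_used + est_tokens > self.token_budget:
            return "deny"                       # budget hit: stop, do not "work until limits hit"
        if action_class in APPROVAL_REQUIRED:
            return "needs_approval"             # park it for a human, never auto-run
        return "allow"

    def write(self, rel: str, content: str, task_type: str, est_tokens: int) -> dict:
        """Perform a workspace write only if policy allows; log it with hashes."""
        verdict = self.decide(task_type, "workspace_write", est_tokens)
        if verdict != "allow":
            raise PermissionError(verdict)
        target = self.resolve_write(rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        before = hashlib.sha256(target.read_bytes()).hexdigest() if target.exists() else None
        target.write_text(content)
        self.tokens_used += est_tokens
        entry = {
            "ts": time.time(),
            "path": str(target.relative_to(self.workspace.resolve())),
            "task": task_type,
            "sha256_before": before,
            "sha256_after": hashlib.sha256(content.encode()).hexdigest(),
        }
        self.audit_log.append(entry)
        return entry


def demo() -> dict:
    """Run the guard over constructed agent requests; returns a verdict per case."""
    results: dict = {}
    with tempfile.TemporaryDirectory() as tmp:
        ws = Path(tmp) / "ws"
        (ws / "memory").mkdir(parents=True)
        (ws / "tasks").mkdir()
        p = Policy(workspace=ws)

        # 1. The daily-memory write the README asks for: allowed, but audited.
        p.write("memory/2024-01-01.md", "# notes\n", "writing", 10)
        results["memory_write"] = len(p.audit_log)

        # 2. Path traversal out of the workspace is denied.
        try:
            p.write("memory/../../etc/passwd", "x", "writing", 10)
            results["traversal"] = "allowed"
        except PermissionError:
            results["traversal"] = "denied"

        # 3. A symlink planted inside memory/ that points outside is denied.
        outside = Path(tmp) / "outside"
        outside.mkdir()
        try:
            os.symlink(outside, ws / "memory" / "escape", target_is_directory=True)
        except OSError:
            results["symlink"] = "skipped"      # platform without symlink rights
        else:
            try:
                p.write("memory/escape/evil.md", "x", "writing", 10)
                results["symlink"] = "allowed"
            except PermissionError:
                results["symlink"] = "denied"

        # 4. Public posting, an unapproved task type, and budget exhaustion.
        results["external_post"] = p.decide("writing", "public_posting", 10)
        results["unknown_task"] = p.decide("deploy", "workspace_write", 10)
        results["over_budget"] = p.decide("research", "workspace_write", 10**9)
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The guard is deliberately fail-closed: anything it cannot classify as an approved task inside an allowed directory is refused, and "needs_approval" is a parked state rather than a retry loop, so a cron-triggered session that hits a gated action stops and leaves the decision for a human.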

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The README explicitly instructs agents to read from a shared task queue, pick work, perform it, and update files such as the queue and daily memory without emphasizing that these actions mutate repository state. In an autonomy-focused skill, normalizing unattended file changes increases the chance of unintended edits, task drift, or corruption of user-managed files, especially when tasks are loosely defined and can be self-generated.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The cron examples promote scheduled work sessions that run automatically and 'do research, writing, or analysis' with no human prompt, while also using the main session in at least one case. This materially increases risk because the agent can take actions, consume resources, and alter project state when no user is present to validate intent, making accidental or harmful autonomous behavior more likely.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
This section explicitly encourages proactive and continuous operation with phrases like "Do work, don't just check" and "Work until limits hit" without defining approval boundaries, safe stop conditions, or task scope. In an agent skill, ambiguous autonomous activation can cause the agent to take unintended actions, continue modifying system state, or perform work outside user expectations.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The guidance recommends cron jobs, overnight work, and continuous operation but does not warn users that this can produce unattended actions and persistent system changes. That omission increases the chance that a user deploys the skill without understanding that scheduled autonomous execution may alter files, consume resources, or trigger external actions while no one is supervising.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The template explicitly instructs the agent to update files such as `memory/YYYY-MM-DD.md` and `tasks/QUEUE.md` without any disclosure, confirmation, or policy guardrails about modifying user or workspace data. In an autonomy-oriented skill ('Stop waiting for prompts. Keep working.'), this increases the chance of silent, repeated file writes that the user did not explicitly authorize, which can create integrity and auditability problems.

VirusTotal

64/64 vendors reported this skill as clean (no detections). A clean antivirus result only means no vendor matched known malware signatures; it does not assess the unattended execution and workspace-write behaviour described in the findings above.