CodeBuddy Coding

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real coding helper, but it needs review because it defaults to permission bypass and can run shell-backed tasks that modify project files.

Install only if you trust the separate CodeBuddy CLI and are comfortable granting it broad coding authority. Use it in a version-controlled or disposable workspace, set an explicit safe working directory, avoid permission bypass unless intentionally needed, and do not pass untrusted task text until shell execution and background-task controls are hardened.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (10)

Context-Inappropriate Capability

Medium (98% confidence)
Finding
The wrapper defaults `permissionMode` to `bypassPermissions`, so every CLI invocation silently disables the target tool's safety checks unless the caller explicitly overrides it. In a skill/agent context, this materially increases the ability of prompts or downstream code to perform filesystem or other sensitive actions without an approval boundary, making misuse or prompt-driven abuse more dangerous.

Missing User Warnings

Medium (92% confidence)
Finding
The document encourages creating files and executing programming tasks but does not warn that using the skill can modify the filesystem or project contents. In an agent-skill context, omission of such warnings increases the chance of unintended file creation, overwrites, or changes to user projects, especially when invoked by other agents automatically.

Missing User Warnings

Medium (90% confidence)
Finding
The skill is advertised for broad use across multiple agent roles and project contexts without disclosing that execution can alter project files. Because this framing promotes reuse by autonomous agents, the lack of warnings or constraints makes accidental destructive changes more likely and broadens the blast radius of misuse.

Missing User Warnings

Medium (94% confidence)
Finding
The README explicitly documents a permission bypass mode and file-modifying behavior, but does not prominently warn users that invoking the skill can alter project files or run with elevated-risk settings. In an agent-skill context, this increases the chance that downstream agents or users enable bypass behavior without informed consent, leading to unintended code changes or weakened safety controls.

Missing User Warnings

Medium (95% confidence)
Finding
The skill documentation explicitly advertises file operations, command execution, and examples that use `permissionMode: 'bypassPermissions'` without corresponding guardrails, approval requirements, scope restrictions, or warnings about destructive effects. In an agent skill context, normalizing unrestricted filesystem and shell access can lead to unintended file deletion, destructive command execution, or broader host compromise if downstream agents or users follow the documented examples as safe defaults.

Missing User Warnings

Medium (95% confidence)
Finding
The code not only enables permission bypass by default, it does so without any explicit disclosure, prompt, or confirmation to the caller/user. That removes an important transparency and consent control for risky subprocess execution, especially in an agent setting where the wrapper may be invoked indirectly.

Missing User Warnings

Medium (98% confidence)
Finding
The skill defaults task execution to `bypassPermissions`, which weakens or disables an important safety boundary without requiring explicit user opt-in. In a coding/execution skill, that increases the chance that untrusted tasks or prompts can trigger file or system actions with fewer checks, making misuse materially more dangerous.

Vague Triggers

Medium (87% confidence)
Finding
The manifest describes the skill as a "Universal AI coding skill" without defining activation boundaries, permitted targets, or operational constraints. In a skill that explicitly advertises file operations and command execution, this ambiguity can cause overbroad invocation and unsafe use in contexts the author did not narrowly scope, increasing the chance of destructive or sensitive actions.

Ssd 3

Medium (95% confidence)
Finding
The skill logs task identifiers and task content at start, and later logs full results and error objects, then exposes the retained entries via `getExecutionLogs()`. Because tasks, progress updates, results, and errors can contain user prompts, generated code, file paths, secrets, or other sensitive material, normal inspection of logs can disclose data beyond the immediate execution context.

Ssd 3

Medium (93% confidence)
Finding
When debug mode is enabled, `_log` prints event data directly to the console, which can include task inputs, progress payloads, results, and errors. In shared terminals, CI logs, or aggregated logging environments, this can unintentionally expose sensitive user or workspace data to parties who were not meant to access it.

VirusTotal

VirusTotal findings are pending for this skill version.
