Business Automation Architect

Security checks across malware telemetry and agentic risk

Overview

The skill is transparent and instruction-only, but it needs review because it guides agents toward broad live business automations that can affect payments, accounts, messages, files, APIs, and recurring jobs.

Install only if you plan to supervise implementation closely. Treat it as a planning and design aid by default, and require explicit approval before it creates cron jobs, calls live APIs, sends messages, updates accounting or HR systems, approves invoices, schedules payments, or touches production data. Use sandbox data, dry-run mode, least-privilege credentials, audit logs, and documented rollback or disable steps for every automation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly guides users to build automations that can execute scripts, call external APIs, write files, and schedule cron jobs, but it does not provide a prominent upfront safety notice about risks such as unintended external data transmission, destructive changes, credential misuse, or persistent scheduled actions. In a business automation context, these actions can affect production systems and sensitive business data, so omission of guardrails materially increases the chance of unsafe deployment.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
→ Extract data (vendor, amount, line items, due date)
  → Match to PO / budget category
  → Validate:
    - Amount within approved range? → Auto-approve
    - Over threshold? → Route to manager
    - No matching PO? → Flag for review
  → Schedule payment based on terms
Confidence
87% confidence
Finding
Auto-approve

VirusTotal

65/65 vendors flagged this skill as clean.
