Developer Agent

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent developer workflow, but it can push and merge real repository changes and forwards all user links and attachments to Cursor without enough explicit control or filtering.

Review before installing. Use it only in repositories where you are comfortable with an agent coordinating real git changes, and require it to stop before staging, committing, pushing, merging, or triggering deployment-related workflows. Review the final diff yourself, prefer pull requests and branch protections, and do not forward attachments or links containing secrets, customer data, private configs, credentials, or sensitive internal material to Cursor.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill instructs the agent to perform broad git operations including `git add .`, `git push`, `git checkout staging`, and `git merge` without any required user confirmation or warning about repository-wide effects. In an automation/orchestration skill, this creates a real risk of unintended commits, merges, or pushes to shared branches, which can expose secrets, overwrite work, or deploy unreviewed code.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly directs sending all user-provided links and attachments to Cursor, but provides no privacy notice, consent check, or data minimization rule. That can cause unnecessary disclosure of sensitive documents, internal URLs, credentials embedded in files, or proprietary source context to an external tool, especially because this skill is designed to orchestrate development work across real repositories.

Missing User Warnings

Medium
Confidence: 93%
Finding
The guideline explicitly tells operators to forward all user-provided links and attachments to Cursor, but provides no instruction to screen for secrets, personal data, credentials, internal documents, or untrusted content. In a development-orchestration skill, this creates a real data leakage and prompt-injection expansion risk because sensitive or adversarial material may be unnecessarily propagated to another agent or external tool.

Ssd 3

Medium
Confidence: 95%
Finding
The planning template explicitly instructs forwarding user-provided links and attachments to another agent with no screening, minimization, or sensitivity checks. In a development orchestration skill, those resources may contain secrets, internal URLs, proprietary code, credentials, or regulated data, so this creates a realistic data-leakage path to a secondary system.

Ssd 3

Medium
Confidence: 97%
Finding
The implementation template says to include all user links and all user attachments, which is a direct natural-language instruction to over-share potentially sensitive content with another agent. Because this skill coordinates coding, git workflows, and deployment-related tasks, attachments may plausibly include source code, configs, build logs, or secrets-bearing artifacts, increasing the chance of exposing confidential information.

VirusTotal

64/64 vendors flagged this skill as clean.