Nerve Bridge Skill

Security checks across malware telemetry and agentic risk

Overview

This skill openly automates Trae on macOS, but it gives broad UI-driven code/command execution power without strong scoping or confirmation controls.

Install only if you intentionally want an agent to drive Trae on macOS. Use it only with trusted prompts and trusted projects, avoid putting secrets in instructions because they pass through the clipboard, watch the focused application while it runs, and be cautious about granting Accessibility permissions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

subprocess module call

Severity
Medium
Category
Dangerous Code Execution
Content
)

    # 3. Inject Signal (Send to Clipboard)
    p = subprocess.Popen(['pbcopy'], stdin=subprocess.PIPE)
    p.communicate(input=full_payload.encode('utf-8'))

    # 4. Fire Neural Pulse (AppleScript)
Confidence
90% confidence
Finding
p = subprocess.Popen(['pbcopy'], stdin=subprocess.PIPE)

subprocess module call

Severity
Medium
Category
Dangerous Code Execution
Content
' key code 36\n'  # Enter
        'end tell'
    )
    subprocess.run(['osascript', '-e', script])

    print("➡️ [Send] Instruction sent. Waiting for Trae signal...")
Confidence
94% confidence
Finding
subprocess.run(['osascript', '-e', script])

Missing User Warnings

Severity
Medium
Confidence
95% confidence
Finding
This skill programmatically controls the Trae UI by pasting arbitrary instructions and submitting them for execution, which can directly modify files or system state. Without a prominent warning, users may invoke it as if it were a normal helper rather than a high-risk automation bridge capable of carrying out arbitrary actions in another tool.

Missing User Warnings

Severity
Low
Confidence
92% confidence
Finding
The documented hook writes to a fixed file path in the user's home workspace and may create or overwrite that file, but the skill does not warn the user about this side effect. Even though the file is only used for feedback, silent writes to user-controlled locations can cause confusion, data loss, or be repurposed unsafely by downstream automation.

Missing User Warnings

Severity
Medium
Confidence
70% confidence
Finding
The code silently deletes a predictable feedback file in the user's home directory before each run, with no confirmation or integrity checks. While this is not arbitrary file deletion, it can destroy state, interfere with concurrent processes, and be abused to mask or disrupt the feedback mechanism the tool relies on.

Missing User Warnings

Severity
Medium
Confidence
88% confidence
Finding
The skill automates clipboard manipulation and AppleScript-driven keystrokes to inject and execute content in Trae, yet provides no explicit warning, consent flow, or safety boundary. In this skill context, that omission increases risk because the tool is specifically intended to send executable instructions and append a forced reporting hook, so accidental or malicious misuse can trigger unintended actions on the user's machine.

VirusTotal

66/66 vendors flagged this skill as clean.