OpenTangl

Security checks across malware telemetry and agentic risk

Overview

OpenTangl openly presents itself as an autonomous development setup skill, but it can lead to code changes and GitHub merges made with the user's account, so it should be reviewed carefully before use.

Install only if you intend to configure autonomous repository changes. Review and pin the external OpenTangl code before running it, use a dedicated least-privilege GitHub identity or token where possible, test on a non-critical repository first, and keep branch protection or required human review enabled for merges.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Intent-Code Divergence

Medium (81% confidence)
Finding
The skill says it will not handle API keys directly, but then instructs the agent to inspect `.gitignore` and potentially modify it as part of secret-handling setup. While it still avoids asking the user to reveal the key, touching files related to secret protection creates a mismatch between the safety claim and actual behavior, which can mislead users about what the agent will access or change. In an autonomous development skill, that ambiguity matters because users may underestimate the agent’s involvement in sensitive configuration.

Vague Triggers

Medium (72% confidence)
Finding
The skill description is broadly framed as an autonomous system that can write code, create PRs, review diffs, and merge across multiple repositories, but it does not define clear invocation boundaries or explicit preconditions in the metadata/description itself. That increases the risk of accidental activation in overly broad contexts, leading users to invoke a high-impact skill without understanding that it can perform multi-repo code and GitHub operations. In this context, broad trigger language is more dangerous because the described actions include autonomous code changes and merging.

Missing User Warnings

Medium (87% confidence)
Finding
The skill instructs creation of `projects.yaml` in the OpenTangl root and later other local files, but does not prominently warn up front that using the skill will modify the user's workspace. Although later steps describe what to create, the absence of an explicit early modification warning can cause users to consent to analysis-like behavior and then experience unexpected writes. In a development automation skill, silent or poorly signposted local file creation is especially risky because it can affect repo state and downstream automation.

VirusTotal

64/64 vendors flagged this skill as clean.
