XQE Agent Team

Security checks across malware telemetry and agentic risk

Overview

This appears to be a multi-agent orchestration skill whose broad activation language could start delegated workflows, including sensitive code and trading analysis, without a clear user opt-in.

Install only if you intentionally want a multi-agent team workflow. Avoid enabling it as the default handler for routine writing, debugging, code review, research, or trading questions, and do not use it with private code, logs, credentials, regulated data, or financial decisions unless you have clear controls over what each worker receives and when agents persist across sessions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence: 93%
Finding
The manifest advertises very broad triggers such as 'any complex task decomposable into parallel workstreams,' which can cause the skill to activate in situations far beyond its safe, intended scope. Because this skill can spawn multiple persistent sub-agents and coordinate cross-session messaging, over-triggering increases the chance of unintended delegation, data overexposure, cost blowups, and unsafe execution on sensitive tasks.

Vague Triggers

Medium
Confidence: 90%
Finding
The code review triggers include broad phrases like 'review this codebase' and 'analyze and refactor' that can plausibly appear in ordinary conversations, causing the skill to activate when the user did not explicitly request multi-agent orchestration. In this skill, unintended activation matters because it can cause unnecessary delegation, wider context sharing across workers, and execution of a more powerful workflow than the user intended.

Vague Triggers

Medium
Confidence: 88%
Finding
Phrases such as 'research this market' and 'analyze competitors' are common requests and do not clearly signal that a multi-agent team should be invoked. In a research-oriented skill, this increases the chance of accidental activation during normal analysis conversations, potentially broadening data collection and agent coordination beyond what the user expected.

Vague Triggers

Medium
Confidence: 93%
Finding
The trading trigger includes 'should I enter this trade', an everyday advisory phrase that is especially sensitive because it can lead to an orchestrated workflow producing a BUY/HOLD/SKIP recommendation. In the financial context, ambiguous activation is more dangerous than in generic domains because users may treat the output as actionable investment guidance without clearly opting into this specialized multi-agent process.

Vague Triggers

Medium
Confidence: 87%
Finding
The document-generation triggers like 'write a report on X' and '生成分析报告' are broad enough to match many normal writing requests, so the team orchestration skill may activate without a clear need for parallel workers. That can unnecessarily expand prompt context across multiple roles and create confusing or overcomplicated behavior compared with a simpler, safer single-agent drafting flow.

Vague Triggers

Medium
Confidence: 89%
Finding
Debugging phrases like 'debug this error' and 'find the bug' are extremely common and do not inherently indicate that multiple agents should be spawned. In a debugging context, accidental activation can propagate logs, stack traces, and source excerpts across several worker roles, increasing exposure of potentially sensitive code or operational data while also making behavior less predictable.

VirusTotal

65/65 vendors flagged this skill as clean.
