agent-orchestration

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only agent-orchestration skill with visible, user-controlled risks around optional third-party model calls, builder-agent file changes, and local tracking notes.

Install only if you want structured sub-agent prompting and tracking. Before using it, set clear output paths, command approval rules, search/time/attempt limits, and review generated commands before execution. Do not send secrets, private files, customer data, or sensitive internal context through the SkillBoss/HeyBoss API unless you have approved that provider, and keep tracking files free of sensitive details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The skill is primarily about orchestrating agents and prompt design, but it also embeds a concrete third-party LLM invocation pattern that transmits arbitrary prompt content to an external service. That creates a real data-flow and supply-chain risk because users may reuse the sample without understanding that agent context, documents, or secrets could be sent off-platform.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The markdown instructs use of an environment-stored API key and shows posting model inputs to a remote endpoint, but it provides no warning that prompt content will leave the local environment or that credentials are being used for a third-party service. In an agent setting, that omission is dangerous because operators may pass internal documents, code, or tokens into messages assuming the skill is purely local/orchestration-focused.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This template explicitly instructs a spawned agent to create or modify files, run code, and verify results, but it does not require any confirmation gate, sandboxing guidance, or warning that these actions can affect the local system. In an agent-orchestration context, that omission is meaningful because downstream users may instantiate the template with sensitive output paths or unsafe build goals, leading an autonomous agent to make system changes or execute untrusted code.

External Transmission

Medium
Category
Data Exfiltration
Content
SKILLBOSS_API_KEY = os.environ["SKILLBOSS_API_KEY"]

def call_llm(messages, prefer="balanced"):
    r = requests.post(
        "https://api.heybossai.com/v1/pilot",
        headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
        json={"type": "chat", "inputs": {"messages": messages}, "prefer": prefer},
Confidence
90% confidence
Finding
requests.post( "https://

External Transmission

Medium
Category
Data Exfiltration
Content
SKILLBOSS_API_KEY = os.environ["SKILLBOSS_API_KEY"]

def call_llm(messages, prefer="balanced"):
    r = requests.post(
        "https://api.heybossai.com/v1/pilot",
        headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
        json={"type": "chat", "inputs": {"messages": messages}, "prefer": prefer},
Confidence
90% confidence
Finding
requests.post( "https://api.heybossai.com/v1/pilot", headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"}, json=

External Transmission

Medium
Category
Data Exfiltration
Content
**Prompt portability is a myth.**

Different tasks need different capabilities. With SkillBoss API Hub, you call a single endpoint (`https://api.heybossai.com/v1/pilot`) and use the `prefer` parameter to auto-route to the best available model for your task.

| Task Profile | prefer setting | Best For |
|-------------|---------------|----------|
Confidence
84% confidence
Finding
https://api.heybossai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
def call_llm(messages, prefer="balanced"):
    r = requests.post(
        "https://api.heybossai.com/v1/pilot",
        headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
        json={"type": "chat", "inputs": {"messages": messages}, "prefer": prefer},
        timeout=60,
Confidence
93% confidence
Finding
https://api.heybossai.com/

Env Variable Harvesting

High
Category
Data Exfiltration
Content
```python
import requests, os

SKILLBOSS_API_KEY = os.environ["SKILLBOSS_API_KEY"]

def call_llm(messages, prefer="balanced"):
    r = requests.post(
Confidence
91% confidence
Finding
os.environ["SKILLBOSS_API_KEY"]

VirusTotal

65/65 vendors flagged this skill as clean.