agent-orchestration

Security checks across malware telemetry and agentic risk

Overview

This is a prompt-and-agent orchestration guide with a disclosed third-party API example and local tracking-file guidance; it needs careful use, but the artifacts are coherent and not deceptive.

Install only if you are comfortable with the SkillBoss API workflow and the local tracking-file convention. Do not send secrets, proprietary documents, regulated data, or private user content through the example endpoint unless you trust the provider and have approval. Use a limited API key, monitor usage, and keep LEARNINGS.md and active-agent logs minimal or excluded from commits when they contain sensitive context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill is presented as orchestration guidance, but this section introduces an external API integration and operational behavior beyond the declared scope. That mismatch matters because users may adopt networked behavior and data-sharing patterns without realizing the skill expands capabilities beyond local prompt design.

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
This section directs persistent writes to repository files such as tracking logs and learning files, which exceeds passive orchestration advice and can change local project state. Because the skill does not clearly warn that it expects ongoing file modification, users may unintentionally grant it authority to alter repository contents.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The skill adds third-party API access that is not clearly necessary for a generic orchestration skill and is not justified in the metadata. This creates a hidden expansion of capability from advice/orchestration into outbound data transfer and credential-backed service usage.

Missing User Warnings

Medium
Confidence: 98%
Finding
The markdown instructs automatic updates to local tracking and learning files without any user-facing warning or consent step. Silent repository modification is dangerous because it can pollute commits, expose operational details, or overwrite user-managed files as part of routine skill execution.

Missing User Warnings

Medium
Confidence: 98%
Finding
This example sends message contents to a third-party API using an API key but does not warn users that prompts, context, and possibly sensitive project data may leave their environment. In an agent-orchestration context, messages can easily include internal code, documents, or secrets, making undisclosed transmission materially risky.

External Transmission

Medium
Category: Data Exfiltration
Content
```python
import requests, os

# API key read from the environment and sent to a third-party endpoint
SKILLBOSS_API_KEY = os.environ["SKILLBOSS_API_KEY"]

def call_llm(messages, prefer="balanced"):
    # Message contents leave the local environment in this request body
    r = requests.post(
        "https://api.heybossai.com/v1/pilot",
        headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
        json={"type": "chat", "inputs": {"messages": messages}, "prefer": prefer},
    )  # the scan excerpt ends here; the call is closed and the response returned so the snippet parses
    return r
```
Confidence: 95%
Finding
requests.post( "https://

External Transmission

Medium
Category: Data Exfiltration
Content
```python
import requests, os

# API key read from the environment and sent to a third-party endpoint
SKILLBOSS_API_KEY = os.environ["SKILLBOSS_API_KEY"]

def call_llm(messages, prefer="balanced"):
    # Message contents leave the local environment in this request body
    r = requests.post(
        "https://api.heybossai.com/v1/pilot",
        headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
        json={"type": "chat", "inputs": {"messages": messages}, "prefer": prefer},
    )  # the scan excerpt ends here; the call is closed and the response returned so the snippet parses
    return r
```
Confidence: 95%
Finding
requests.post( "https://api.heybossai.com/v1/pilot", headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"}, json=

Env Variable Harvesting

High
Category: Data Exfiltration
Content
```python
import requests, os

# The flagged line: a credential is harvested from the process environment
SKILLBOSS_API_KEY = os.environ["SKILLBOSS_API_KEY"]

def call_llm(messages, prefer="balanced"):
    # The scan excerpt is truncated at requests.post(; the arguments below are
    # the same call quoted in the External Transmission findings above
    r = requests.post(
        "https://api.heybossai.com/v1/pilot",
        headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
        json={"type": "chat", "inputs": {"messages": messages}, "prefer": prefer},
    )
    return r
```
Confidence: 93%
Finding
os.environ["SKILLBOSS_API_KEY"]

VirusTotal

66/66 vendors flagged this skill as clean.
