Route Work

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but it should be reviewed because it silently changes agent routing and verification choices for broad operational and deployment work.

Install this skill only if you want an agent to choose, automatically and without telling you, between Codex and Claude, reasoning effort, execution style, and verification profile across many workflow types. Be especially careful where it could affect deploys, release promotion, Slack/email/admin operations, or production-service work; prefer an explicit routing notice or a manual override in those cases.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The manifest description is broad enough to trigger on a wide range of normal tasks, including agent, Slack, CLI, repo, deploy, review, and operational work. Because the skill changes provider selection and execution behavior invisibly, overbroad activation can silently affect many workflows without explicit user awareness or consent.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The instruction to 'use this skill silently' makes activation boundaries unclear and encourages hidden behavior during ordinary interactions. In context, this is more dangerous because the skill is specifically designed to make autonomous routing and workflow choices without asking the user, reducing transparency and auditability.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The description states that work will be classified invisibly and routed automatically, but it does not provide a user-facing warning that provider/model choice and workflow behavior may change behind the scenes. This lack of disclosure can mislead users about how their requests are handled, especially in sensitive operational or deployment contexts.

Autonomous Decision Making

Severity: Medium
Category: Excessive Agency
Content:
---
name: route-work
description: Invisibly classify work and choose Codex or Claude, reasoning effort, context shape, execution style, and verification profile. Use before agent, oneshot, Slack, CLI, repo, deploy, review, or operational work where provider/reasoning should be selected automatically without asking the user.
metadata:
  author: ADWilkinson
  version: "1.1.0"
Confidence: 91%
Finding
The description's instruction to select provider and reasoning "without asking the user" matched the Autonomous Decision Making pattern: the skill is designed to make routing and execution choices with no user confirmation.
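The three findings above all come from reading the manifest's description field: how many kinds of work it activates on, whether it asks for hidden or unconfirmed behaviour, and whether it names sensitive operations without any user-facing notice. The following Python is an added example written for this page, not SkillSpector's scanner or the skill author's code. It parses the frontmatter quoted above and applies those three heuristics to it; the word lists, the threshold of four activation domains, and the second "disclosed" manifest used for comparison are this example's own assumptions.

```python
"""Keyword heuristics over a skill manifest's frontmatter.

Added example for this page, not SkillSpector's scanner logic. It reproduces
the three kinds of finding the report above describes (overly broad triggers,
hidden-behaviour phrasing, sensitive operations named without a user-facing
warning) using word lists that are this example's own assumptions.
"""
import re

# Manifest frontmatter exactly as quoted on this page (route-work 1.1.0).
MANIFEST = """---
name: route-work
description: Invisibly classify work and choose Codex or Claude, reasoning effort, context shape, execution style, and verification profile. Use before agent, oneshot, Slack, CLI, repo, deploy, review, or operational work where provider/reasoning should be selected automatically without asking the user.
metadata:
  author: ADWilkinson
  version: "1.1.0"
"""

# A constructed variant with an explicit routing notice, to show what the
# disclosure check accepts. Not a real release of the skill.
DISCLOSED_MANIFEST = """---
name: route-work-disclosed
description: Classify work and choose Codex or Claude, reasoning effort and verification profile. Use before agent, CLI, repo, deploy or review work. Always notify the user which provider was chosen and confirm before any deploy.
"""

# Word lists and threshold are assumptions of this example, not the scanner's rules.
TRIGGER_DOMAINS = ["agent", "oneshot", "slack", "cli", "repo", "deploy",
                   "review", "operational", "email", "admin", "release"]
HIDDEN_BEHAVIOUR = ["invisibly", "silently", "quietly", "without asking",
                    "behind the scenes", "automatically"]
SENSITIVE_OPS = ["deploy", "release", "production", "slack", "email", "admin"]
DISCLOSURE = ["notify the user", "confirm", "ask the user", "warn", "consent"]
BROAD_TRIGGER_THRESHOLD = 4  # distinct activation domains before we flag


def parse_frontmatter(text):
    """Return top-level `key: value` pairs from a YAML-style frontmatter block.

    Only the flat subset skill manifests use is handled; nested keys such as
    metadata.author are skipped, so no YAML library is needed.
    """
    body = text.strip()
    if body.startswith("---"):
        body = body[3:]
        end = body.find("\n---")
        if end != -1:
            body = body[:end]
    fields = {}
    for line in body.splitlines():
        if not line or line[0].isspace():
            continue  # blank line or nested key
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def _words_present(words, text):
    """Whole-word matches, in list order, so evidence strings are stable."""
    return [w for w in words if re.search(r"\b" + re.escape(w) + r"\b", text)]


def scan_description(description):
    """Return (finding title, evidence) tuples for each heuristic that fires."""
    d = description.lower()
    findings = []

    domains = _words_present(TRIGGER_DOMAINS, d)
    if len(domains) >= BROAD_TRIGGER_THRESHOLD:
        findings.append(("Vague Triggers",
                         "activates on %d domains: %s" % (len(domains), ", ".join(domains))))

    hidden = [p for p in HIDDEN_BEHAVIOUR if p in d]
    if hidden:
        findings.append(("Autonomous Decision Making",
                         "hidden-behaviour phrasing: " + ", ".join(hidden)))

    sensitive = _words_present(SENSITIVE_OPS, d)
    if sensitive and not any(p in d for p in DISCLOSURE):
        findings.append(("Missing User Warnings",
                         "names %s but gives no user-facing notice" % ", ".join(sensitive)))
    return findings


def scan_manifest(text):
    """Parse a manifest and scan its description; returns (name, findings)."""
    fields = parse_frontmatter(text)
    return fields.get("name", "?"), scan_description(fields.get("description", ""))


if __name__ == "__main__":
    for manifest in (MANIFEST, DISCLOSED_MANIFEST):
        name, findings = scan_manifest(manifest)
        print(name)
        for title, evidence in findings:
            print("  [%s] %s" % (title, evidence))
```

On the quoted manifest all three heuristics fire, matching the report; on the constructed variant only the broad-trigger check fires, because the description still names five activation domains but now tells the user which provider was chosen and confirms before deploys. The checks are purely lexical: a manifest that rewords "without asking the user" into something the lists do not contain passes them, so treat a clean result as absence of known phrasing, not as evidence of safe behaviour.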

VirusTotal

65/65 vendors flagged this skill as clean.
