Agentskill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed repository-analysis tool that creates or updates AGENTS.md files, with no artifact-backed evidence of hidden or malicious behavior.

Install only if you want an agent or CLI to inspect repository contents and generate AGENTS.md guidance. Review generated files before relying on them, and use remote references only from repositories you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium (94% confidence)
Finding:
The implementation materially contradicts the skill's advertised purpose: instead of producing code, it generates AGENTS.md documentation and can write it to disk. In an agent ecosystem, this kind of capability mismatch is security-relevant because callers may grant trust, permissions, or workflow placement based on the declared purpose, creating room for deceptive or unexpected file-modifying behavior.

Description-Behavior Mismatch

Medium (95% confidence)
Finding:
The split and multifile code paths broaden the undocumented behavior by creating multiple documentation artifacts on disk, which further diverges from the claimed code-generation function. This increases the risk of misuse in automated environments, where a supposedly code-focused skill may silently alter repository documentation structure and influence downstream agent behavior.

Context-Inappropriate Capability

Medium (93% confidence)
Finding:
The code accepts an arbitrary remote Git URL from input and invokes `git clone` on it, which gives the skill network reachability and subprocess-driven interaction with untrusted external repositories. In a code-generation assistance skill, this meaningfully expands the attack surface: it can be abused for unauthorized outbound access, retrieval of adversarial prompt content, and processing of attacker-controlled repository data that may influence downstream agent behavior.

Missing User Warnings

Medium (94% confidence)
Finding:
The workflow directs the agent to write AGENTS.md and even multiple companion files for new-file workflows without requiring explicit confirmation first. Automatic creation of new files can modify a repository unexpectedly, clutter worktrees, and in multifile mode amplify the blast radius across several paths.

Missing User Warnings

Medium (87% confidence)
Finding:
The update path writes generated content directly to AGENTS.md (or another output path) after analysis and merge, with no explicit user confirmation, dry-run default, or visible warning before modifying repository files. In an agent-driven context, this increases the risk of unintended file overwrite or silent repository mutation, especially if the caller did not fully understand that invoking the skill performs a write operation.

VirusTotal

65/65 vendors flagged this skill as clean.