Agent Designer

Security checks across malware telemetry and agentic risk

Overview

This is a user-directed multi-agent design toolkit that reads chosen JSON inputs and writes local design or evaluation outputs, with no hidden execution, network access, or persistence found.

Install only if you want a local design/evaluation toolkit and are comfortable running its Python scripts yourself. Review generated schemas before deploying them, especially file, document, search, and code-execution tool examples, and avoid feeding confidential logs unless you are prepared for derived reports to be written to local files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The tool writes full evaluation outputs derived from execution logs to local JSON files without an explicit warning, consent step, redaction, or sensitivity controls. Because the logs include task descriptions, actions, results, error details, metadata, and possibly identifiers, this can persist sensitive operational or user data to disk where it may be exposed through shared workspaces, backups, or later exfiltration.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding:
The document processor accepts broad URL/path inputs including http(s), file://, and absolute paths, which creates an unsafe capability boundary if consumed by an agent without strict policy enforcement. This can enable unintended local file access or retrieval of sensitive remote resources, making it a meaningful security risk in an agentic context.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The tool explicitly logs user search queries for analytics, but the description does not indicate user notice, consent, minimization, or controls around sensitive data handling. In agent systems, search queries may contain secrets, personal data, or proprietary prompts, so silent logging creates real privacy and data-governance exposure.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding:
The file_manager tool is defined with a generic action and path schema but no allowlist of operations, path restrictions, or authorization context. In an agent architecture, this can enable unsafe file reads/writes, path traversal, or destructive file operations if downstream implementations interpret the schema broadly.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding:
This second file_manager definition repeats the same unconstrained design, expanding the attack surface by giving another agent broad file-operation capability without clear limits. In a multi-agent system, duplicated unsafe tool definitions increase the chance that one agent can be induced to access, overwrite, or expose sensitive files.

VirusTotal

66/66 vendors flagged this skill as clean.