Error Guard — Control‑Plane Safety

Security checks across malware telemetry and agentic risk

Overview

This skill is an emergency control tool, but it can kill active sessions and spawn sub-agents with limited scoping or confirmation.

Install only if you need an advanced emergency control-plane skill and are comfortable with a command that can terminate active work. Before enabling it for autonomous use, restrict who can invoke /flush or /recover, verify whether it can kill unrelated sessions, and review or disable the sub-agent spawning helper unless you explicitly need it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium (92% confidence)
Finding
The advertised 'flush/recover' control path does more than clear in-memory task state: it enumerates and kills all exec sessions through the process control API. In a control-plane skill, this creates a broad denial-of-service capability that can terminate unrelated or legitimate work beyond the task registry, especially if the skill is invoked accidentally or by a less-trusted caller.

Intent-Code Divergence

Medium (87% confidence)
Finding
On startup, persisted tasks are only relabeled as 'cancelled' in the in-memory registry, but no underlying process, session, or background work is actually stopped. This creates a dangerous mismatch between reported control-plane state and real execution state, allowing orphaned work to continue invisibly and evade operator expectations.

Context-Inappropriate Capability

Medium (90% confidence)
Finding
The skill metadata says it provides non-LLM control and recovery commands, but this code exposes a general sub-agent spawning primitive that can run arbitrary long-lived tasks from a free-form message. That expands the capability surface beyond the declared scope and could be abused by callers to create autonomous work outside the intended recovery/control plane, increasing operational and security risk.

Missing User Warnings

Medium (90% confidence)
Finding
The emergency flush path performs an irreversible destructive action by killing active exec sessions without any confirmation, warning, or scope limitation visible in the code. In an operational recovery skill, that makes accidental invocation or misuse likely to disrupt active workloads and can be abused for service interruption.

VirusTotal

64/64 vendors flagged this skill as clean.