Run Test Plan

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent test-plan runner, but users should treat its YAML plans as executable and run only trusted plans.

Install this only if you understand that a test plan can run local shell commands, start services, make network requests, and write evidence files. Review the YAML before use, keep secrets out of logs and screenshots, and prefer running unfamiliar plans in a disposable workspace or container.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium severity (93% confidence)
Finding
The skill explicitly executes arbitrary commands taken from the YAML test plan (`<command>` / `run:`), which means anyone who can influence the plan can run shell commands on the host. Although this is framed as test execution, the implementation provides a general code-execution capability with no allowlisting, sandboxing, or user confirmation, so the stated purpose does not meaningfully constrain impact.

Missing User Warnings

Medium severity (85% confidence)
Finding
The skill copies environment-derived values into exported variables without any safeguards or warning about sensitive data handling. In a test plan that also supports shell commands, HTTP requests, logs, and debug artifact generation, this increases the chance that secrets from the environment are exposed to subprocesses, written to files, or sent to remote endpoints.

Missing User Warnings

Medium severity (95% confidence)
Finding
The skill directs the agent to execute arbitrary shell commands from the plan with no user-facing warning that commands may modify the filesystem, processes, or system state. This is dangerous because a malicious or compromised test plan can perform destructive actions, install persistence, or access sensitive local resources under the guise of test execution.

Missing User Warnings

Low severity (81% confidence)
Finding
The skill performs health checks, curl requests, and browser automation against URLs from the plan without warning about privacy, SSRF-like access, or unintended interaction with internal services. If the plan is attacker-controlled, it can direct requests to sensitive internal endpoints or cause the agent to interact with untrusted web content using ambient network access.

VirusTotal

64/64 vendors flagged this skill as clean.