ClawHub

Tenacity — Never Give Up

Security checks across malware telemetry and agentic risk

Overview

This skill is openly an autonomy helper, but it gives an agent broad no-confirmation authority, persistence, and Telegram messaging that should be reviewed before installation.

Install only if you want explicit autonomous-agent behavior. Before use, narrow the trigger phrase, define written task scope and stop conditions, remove or replace the hard-coded Telegram recipient, require confirmation for deletes, risky commands, production changes, external messages, and cron jobs, and clean checkpoint or memory logs after completion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger list is broad and includes common conversational phrases like 'keep going' and 'don't stop until done', which can cause the skill to activate in contexts where the user did not intend durable autonomous execution. Because this skill suppresses intermediary confirmation, accidental activation can lead to actions continuing beyond the user's expected scope.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The activation section defines vague criteria such as any long-running multi-step task and several natural-language examples, making it easy for the skill to be invoked without a clear boundary on authority. In combination with the 'ask only when blocked' model, ambiguous activation increases the chance of unintended autonomous behavior on sensitive or system-impacting tasks.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill description explicitly promotes 'no intermediary confirmation handoffs' and 'don't stop until done' without pairing that autonomy with visible safeguards for destructive, privileged, or externally persistent actions. This normalization of reduced confirmation can cause the agent to proceed with impactful operations the user may not realize are being executed automatically.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill instructs the agent to create persistent tasks, cron jobs, named sessions, and even outbound announcements to a fixed Telegram recipient, but it does not require a user-facing warning or renewed consent for ongoing autonomous execution. The context makes this more dangerous because persistence survives restarts and can continue acting or notifying externally after the initiating interaction ends.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The template explicitly grants broad autonomous abilities to read, modify, and delete workspace files and run commands, but it provides no safety guardrails such as confirmation requirements, scope restrictions, or user-warning language. In a standing-order template, these permissions normalize potentially destructive behavior and can lead an agent to perform harmful actions without meaningful human review.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal