Overstory Integration

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a real Overstory orchestration helper, but it exposes high-impact local controls with weak safeguards around forced worktree cleanup and persistent agent/git-hook behavior.

Install only if you intentionally want local Overstory agent orchestration in a trusted workspace. Before using cleanup, kill, or hook-install commands, verify the exact target agent/worktree, avoid untrusted agent names, inspect git worktrees and hooks, and keep important work committed or backed up.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Output Handling: Unvalidated Output Injection, Cross-Context Output, Unbounded Output
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
) -> subprocess.CompletedProcess:
    log.debug("exec: %s (cwd=%s)", args, cwd)
    try:
        result = subprocess.run(
            args,
            capture_output=True,
            text=True,
Confidence
70% confidence
Finding
result = subprocess.run( args, capture_output=True, text=True, cwd=cwd, timeout=timeout, )

Lp3

Medium
Category
MCP Least Privilege
Confidence
70% confidence
Finding
Without declared permissions the skill's intent is opaque and cannot be validated.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This markdown file documents commands to kill agents and clean up worktrees, which can terminate running work and remove local workspace state, but it provides no warning about potential data loss or irreversibility. Under the markdown-specific SQP-2 criteria, descriptions that omit warnings for behaviors affecting user data or system integrity should be flagged.

Unvalidated Output Injection

High
Category
Output Handling
Content
) -> subprocess.CompletedProcess:
    log.debug("exec: %s (cwd=%s)", args, cwd)
    try:
        result = subprocess.run(
            args,
            capture_output=True,
            text=True,
Confidence
95% confidence
Finding
subprocess.run( args, capture_output

VirusTotal

66/66 vendors flagged this skill as clean.
