Ai Pair

Security checks across malware telemetry and agentic risk

Overview

This is a coherent multi-AI review skill, but it gives long-lived agents broad local authority and can send project code or drafts to external AI CLIs.

Review before installing. Use this only in projects where you are comfortable with multiple agents reading files and with Codex/Gemini receiving review material through your authenticated CLI sessions. Avoid secrets, confidential repositories, unpublished sensitive drafts, customer data, or regulated information unless your policies allow it, and run /ai-pair team-stop when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding
The skill explicitly instructs launching agents in `mode: "bypassPermissions"` so they can execute external CLIs and read project files. That grants broader authority than needed for orchestration and creates a real risk of unrestricted file access, unintended command execution, and data exfiltration to third-party tools.

Context-Inappropriate Capability

Severity: Medium
Confidence: 83%
Finding
The content-review flow sends user content to third-party CLIs for logic, accuracy, and fact-checking without clear necessity or scoped authorization. For a generic collaboration skill, this expands data exposure beyond local coordination and can leak proprietary or sensitive draft material to external services.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The prerequisites mention Codex and Gemini CLIs, but the skill does not clearly warn users that code or content will be sent to external tools. This omission undermines informed consent and can lead to unintentional disclosure of source code, drafts, or internal project context to third-party services.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The skill does not adequately warn that agents are launched with bypassed permissions and may read project files while also invoking external CLIs. In context, this is especially dangerous because it combines elevated local access with outbound data flow, increasing the chance of sensitive repository data being exposed without the user's informed approval.

VirusTotal

65/65 vendors flagged this skill as clean.