Temp Agent Autonomy Kit

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is not malware, but it is designed to make agents run scheduled autonomous work with weak safety boundaries.

Install only after reviewing the source and pinning a trusted commit. Before enabling cron or frequent heartbeats, restrict the task queue to human-approved work, limit writable paths and external actions, require approval for sensitive or destructive tasks, disable automatic team-channel posting unless the channel is approved, and tell the agent not to log secrets or private data into memory files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium (94% confidence)
The README explicitly promotes cron-triggered autonomous work sessions that run without a fresh human prompt, but it does not warn users that the agent may act, create outputs, or make decisions without immediate review. In an autonomy-focused skill, that omission materially increases the chance of unintended actions, unsafe task execution, or unnoticed propagation of bad outputs.

Missing User Warnings

Medium (92% confidence)
The skill encourages agents to post progress, handoffs, blockers, and discoveries to Discord/Slack or team channels, but provides no privacy or data-handling guidance. This creates a realistic risk that sensitive internal information, customer data, credentials, or confidential work artifacts could be shared into third-party platforms or overly broad channels.

Vague Triggers

Medium (83% confidence)
The description 'Stop waiting for prompts. Keep working.' is broad activation language that encourages autonomous behavior without stating clear user-approved boundaries or triggers. In a skill whose purpose is to increase agent autonomy, this can cause unintended invocation or continued operation beyond what a user reasonably expects.

Vague Triggers

Medium (93% confidence)
The skill repeatedly promotes always-on, self-directed behavior through phrases like 'do work, don't just check,' 'continuous operation,' and 'Work until limits hit' without defining guardrails, approval points, or restricted actions. This is dangerous because it normalizes indefinite autonomous execution, which can amplify mistakes, trigger unintended actions, or cause persistent changes to user systems.

Missing User Warnings

Medium (95% confidence)
The quick-start instructions tell users to 'Set up cron jobs for overnight work and daily reports' and to let work happen 'without prompting,' but provide no warning about the risks of scheduled autonomous activity affecting files, services, or other user data. In context, this omission is especially risky because the skill is explicitly designed to keep operating proactively, increasing the chance of unsupervised harmful actions.

Missing User Warnings

Medium (89% confidence)
The instruction to log work to a dated memory file encourages persistent recording of activity without any guardrails about excluding secrets, user data, credentials, or sensitive task context. In an autonomy-focused skill that continuously picks up work, this increases the chance that private information from prompts, repositories, or operational tasks is copied into long-lived notes and retained beyond its necessary use.

VirusTotal

VirusTotal findings are pending for this skill version.