Multi-Skill Automation Suite

Security checks across malware telemetry and agentic risk

Overview

This skill suite discloses broad automation powers, but some high-impact actions and evasion-oriented writing features are not scoped or consent-gated clearly enough for automatic trust.

Review before installing. Only use this suite if you are comfortable granting an agent authority to alter host/network settings, automate websites, process potentially sensitive content, and install or update additional skills. Require explicit confirmation for skill installs, firewall/SSH changes, browser actions, and any persistent configuration changes; avoid using the detection-bypass writing feature for deception or policy evasion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Missing User Warnings

Medium
Confidence: 90%
Finding
The README explicitly promotes automatic discovery, installation, and updating of skills, but does not warn users that these actions can change system state, add untrusted code, or alter agent capabilities. In a bundled automation suite, this omission increases the chance that users will run commands with elevated trust and unintentionally install or update risky components.

Missing User Warnings

Medium
Confidence: 87%
Finding
The README advertises web automation, data extraction, and processing of web pages, PDFs, images, audio, and videos without any privacy or data-handling warning. Users may submit sensitive internal documents, personal data, or authenticated web content without understanding retention, transmission, or compliance risks.

Vague Triggers

Medium
Confidence: 89%
Finding
The skill is described as a broad, integrated suite covering security hardening, browser automation, content manipulation, and automatic skill installation without defining when each capability should activate or what user consent boundaries apply. Overly broad scope increases the chance an agent will invoke high-impact behaviors in unintended contexts, especially because the bundled functions include system, network, and browser actions.

Vague Triggers

Medium
Confidence: 84%
Finding
The usage section only states that the suite can be installed and that skills can be used independently or combined, but it does not define invocation boundaries or safeguards for sensitive operations. In a bundled skill that includes security configuration, automated installs, and browser control, missing boundaries can lead to unsafe or surprising agent behavior.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill advertises security hardening, monitoring, automatic skill installation, and headless browser automation, but provides no user-facing warnings that these features may change system state, access external services, or interact with websites. Lack of warnings and consent language is dangerous because users and agents may treat the suite as low-risk utility tooling despite its potentially invasive capabilities.

Ssd 2

Medium
Confidence: 96%
Finding
The documentation markets a capability to 'humanize' AI text specifically to bypass detection, which is an evasion use case rather than a neutral writing aid. Framing the feature around defeating detection systems materially raises abuse risk for fraud, academic dishonesty, policy evasion, and other deceptive activity.

Ssd 2

Medium
Confidence: 98%
Finding
The skill explicitly promotes making AI-generated text 'undetectable' and bypassing detection systems, which is evasion-oriented functionality rather than neutral content editing. This is dangerous because it facilitates circumvention of integrity, moderation, academic, hiring, or platform trust controls, and the wording itself is a red flag under adversarial review.

VirusTotal

65/65 vendors flagged this skill as clean.
