Sage Cgo

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned, but it automatically writes persistent business-memory files and workspace agent-instruction files without a clear consent or dry-run step.

Install only if you want Sage CGO to maintain a persistent local business/growth memory in ~/.sage and to add Sage CGO role instructions to your workspace. Review the scripts first, especially bootstrap_workspace_identity.sh, and run them only in workspaces where changing AGENTS.md or CLAUDE.md is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly directs the agent to persist company and growth data under `~/.sage/growth/` and create a workspace mirror, but it does not require clear user consent or foreground that local files will be created or modified. In an agent setting, silent persistence can expose sensitive business information, create unintended state across sessions, and surprise users who expected advisory-only behavior.

Missing User Warnings

Medium
Confidence: 96%
Finding
The startup flow instructs execution of shell scripts (`bootstrap_workspace_identity.sh`, `init_sage.sh`, and potentially `ensure_growth_extension.sh`) that can initialize directories and alter local state, yet the skill text does not prominently warn users or require confirmation before those operations. This is risky because agent-triggered script execution expands the attack surface from passive guidance to active filesystem modification, especially in environments where users may not inspect every script first.

Natural-Language Policy Violations

Medium
Confidence: 95%
Finding
This skill file is written entirely in Chinese and does not offer a language choice, translation path, or explicit opt-in for non-Chinese users. In an agent skill that instructs reads and writes to shared state under ~/.sage, language opacity can cause users or downstream reviewers to misunderstand filesystem effects, consent boundaries, and operational behavior, increasing the risk of unsafe use.

Missing User Warnings

Medium
Confidence: 95%
Finding
This script creates and overwrites multiple workspace instruction files (for example AGENTS.md, CLAUDE.md, IDENTITY.md) without any confirmation, dry-run mode, or backup. In an agent-skill context, these files can materially change downstream agent behavior and trust boundaries, so silent modification of them is security-relevant even if the content is not overtly malicious.
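The two findings above on script execution and on silent overwriting of AGENTS.md, CLAUDE.md and IDENTITY.md both come down to the same missing control: there is no record of what the workspace looked like before the bootstrap scripts ran, so there is nothing to confirm against and nothing to roll back to. The script below is an added example written for this page; it is not part of Sage CGO or of SkillSpector. It snapshots the instruction files the findings name, reports after the run which were created, modified or deleted, and can restore the pre-run state. The workspace and snapshot paths, the hypothetical file contents in the demonstration, and the choice of sha256 for change detection are all assumptions of the example.

```shell
#!/bin/sh
# Added example (not Sage CGO's or SkillSpector's code): snapshot the workspace
# agent-instruction files before a skill's bootstrap scripts run, then report
# what changed and optionally restore. File names come from the findings on
# this page; paths and sample contents below are assumptions.
set -eu

# Files the findings say the bootstrap scripts create or overwrite.
WATCHED="AGENTS.md CLAUDE.md IDENTITY.md"

# digest FILE -> sha256 hex. Falls back to shasum where sha256sum is absent.
digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | cut -d' ' -f1
    else
        shasum -a 256 < "$1" | cut -d' ' -f1
    fi
}

# snapshot_instructions WORKSPACE SNAPDIR
# Copies each watched file that exists into SNAPDIR and writes a manifest of
# "<sha256|absent> <name>" lines, so later creation can be detected too.
snapshot_instructions() {
    ws=$1; snap=$2
    mkdir -p "$snap"
    : > "$snap/manifest"
    for f in $WATCHED; do
        if [ -f "$ws/$f" ]; then
            cp -p "$ws/$f" "$snap/$f"
            printf '%s %s\n' "$(digest "$ws/$f")" "$f" >> "$snap/manifest"
        else
            printf 'absent %s\n' "$f" >> "$snap/manifest"
        fi
    done
}

# compare_instructions WORKSPACE SNAPDIR
# Prints one line per watched file: created, deleted, modified or unchanged.
compare_instructions() {
    ws=$1; snap=$2
    while read -r old f; do
        if [ -f "$ws/$f" ]; then new=$(digest "$ws/$f"); else new=absent; fi
        if [ "$old" = absent ] && [ "$new" != absent ]; then echo "created $f"
        elif [ "$old" != absent ] && [ "$new" = absent ]; then echo "deleted $f"
        elif [ "$old" != "$new" ]; then echo "modified $f"
        else echo "unchanged $f"
        fi
    done < "$snap/manifest"
}

# restore_instructions WORKSPACE SNAPDIR
# Puts the pre-run copies back and removes files the run created.
restore_instructions() {
    ws=$1; snap=$2
    while read -r old f; do
        if [ "$old" = absent ]; then rm -f "$ws/$f"; else cp -p "$snap/$f" "$ws/$f"; fi
    done < "$snap/manifest"
}

# Demonstration on a constructed workspace; the writes below stand in for what
# a bootstrap script might do and are not taken from Sage CGO's scripts.
demo() {
    ws=$(mktemp -d); snap=$(mktemp -d)
    printf 'Project conventions.\n' > "$ws/AGENTS.md"   # present before the run
    snapshot_instructions "$ws" "$snap"                 # CLAUDE.md, IDENTITY.md absent
    printf 'You are Sage CGO.\n' > "$ws/AGENTS.md"      # simulated overwrite
    printf 'Sage CGO role.\n' > "$ws/CLAUDE.md"         # simulated creation
    compare_instructions "$ws" "$snap"
    restore_instructions "$ws" "$snap"
    compare_instructions "$ws" "$snap"
    rm -rf "$ws" "$snap"
}
demo
```

In practice, run snapshot_instructions on the workspace, execute the skill's bootstrap scripts, then read the compare_instructions report before deciding whether to keep the result or call restore_instructions; the same three functions can be pointed at a copy of the workspace to get the dry run the skill itself lacks.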

VirusTotal

64/64 vendors flagged this skill as clean.
