Autogoal

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it sets up broad recurring automation that can take real actions, including financial/trading-related actions, with weak scoping and approval controls.

Install only if you intentionally want recurring autonomous goal check-ins. Before enabling any cron job, inspect the generated payload, remove the bundled sample active financial goals, restrict allowed tools/actions, and require explicit confirmation before trading, posting, account changes, deletion, purchases, or other irreversible actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Context-Inappropriate Capability

Medium, 97% confidence

Finding: The cron-run instructions tell the agent to 'use whatever tools/skills make sense,' which effectively grants open-ended authority on every scheduled execution. In a persistent autonomous loop, that broad delegation can lead to unintended external actions, privilege creep, or chaining into unrelated high-risk skills without fresh user approval.

Context-Inappropriate Capability

Medium, 95% confidence

Finding: The goal engine is presented as a generic autonomous goal tracker, but it embeds specific trading, crypto, and prediction-market advice into generated check-in prompts. This materially changes the skill from neutral orchestration into domain guidance that can steer the agent toward financial decision-making, increasing the chance of unsafe or unauthorized real-world actions in a high-risk domain.

Description-Behavior Mismatch

Medium, 98% confidence

Finding: The generated check-in message explicitly instructs the agent to 'take action to move closer to the goal using available tools and skills,' not merely assess status or update records. In the context of an autonomous long-term goal system, especially one used for profit-seeking or trading goals, this creates a direct pathway from scheduled prompt generation to autonomous real-world action without mandatory human approval.

Vague Triggers

Medium, 91% confidence

Finding: The trigger language is extremely broad ('Achieve this goal', 'Make this project successful', 'maximize X') and overlaps with ordinary planning requests. That makes accidental invocation more likely, which is especially risky here because this skill establishes autonomous recurring behavior rather than performing a one-off assistance task.

Missing User Warnings

Medium, 94% confidence

Finding: The skill description does not prominently warn that it creates persistent cron jobs and performs ongoing automated actions. Without a clear upfront disclosure, users may consent to what sounds like planning help while unknowingly authorizing recurring autonomous execution and state persistence.

Missing User Warnings

Medium, 87% confidence

Finding: The engine persists full goal statements, actions, outcomes, metrics, blockers, and notes to a registry file without warning users that potentially sensitive content will be stored on disk. Because this skill encourages open-ended long-term objectives, stored data may include financial strategies, operational details, personal information, or other sensitive context that users may not expect to be retained.

VirusTotal

VirusTotal findings are pending for this skill version.