Async Programming

Security checks across malware telemetry and agentic risk

Overview

This skill is meant to delegate coding work to background agents, but it can start those agents for broad programming requests without a clear opt-in.

Install only if you want programming requests to be handed off to background coding agents. Before using it, confirm that your OpenClaw setup lets you control when sub-agents start, what files or repositories they can touch, how to stop them, and whether you can review changes before they are applied.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger conditions are so broad that this skill will activate for nearly any coding-related request, causing automatic sub-agent spawning without clear scoping, consent, or gating. In this context, that increases the chance of unintended task execution, resource abuse, and misrouting sensitive repository work to a child agent before the user’s intent is clarified.

Vague Triggers

High
Confidence: 92%
Finding
The skill is configured to activate on a very broad class of programming-related requests and instructs the agent to immediately spawn a coding subagent. That creates a wide attack surface where ordinary coding conversations can trigger autonomous code execution workflows without sufficient narrowing, confirmation, or safety gating, increasing the chance of unintended file changes, unsafe dependency installation, or execution of harmful user-supplied instructions.

Vague Triggers

Medium
Confidence: 88%
Finding
The activation condition 'when the user requests a programming task' is very broad and can cause this skill to trigger on many normal coding-related conversations without clear boundaries, confirmation, or exclusions. Because the skill immediately spawns subagents and responds before completion, an overly broad trigger increases the chance of unintended background actions, task fan-out, or misuse of agent capabilities.

VirusTotal

60/60 vendors flagged this skill as clean.
