Superclaw

Security checks across malware telemetry and agentic risk

Overview

Superclaw is a strict coding-workflow skill that reads project context, writes plan/progress files, and can spawn task agents, but those behaviors are disclosed and aligned with its purpose.

Install this if you want your agent to enforce a stricter design-plan-execute workflow. Expect it to read workspace memory/context, save design and plan files, log progress, spawn task agents, and modify project files during approved implementation batches.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

Vague Triggers

Severity: Medium
Confidence: 88%
Finding: The package summary states that skills will auto-load when relevant tasks are detected, but it does not define narrow trigger conditions, user confirmation requirements, or safety boundaries. In a workflow skill that can create files, update memory, and chain into execution phases, broad automatic invocation increases the risk of unintended activation and unauthorized workspace modifications from ambiguous prompts.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The summary describes automatic document creation and memory updates as normal workflow behavior without prominently warning that the skill may modify the workspace and persistent memory. Because this package orchestrates multiple chained skills, undisclosed write behavior can cause unexpected persistence, overwrite user artifacts, or leak sensitive task context into memory files without informed consent.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding: The README states that skills auto-load when relevant tasks are detected, but it does not define tight activation boundaries or require explicit user confirmation. In an agent framework, broad auto-activation can cause the skill to engage on loosely related requests, leading to unintended planning, memory reads, or file writes that the user did not clearly request.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding: The brainstorming trigger covers generic activities like creating features, building components, and adding functionality, which are common across many software tasks. This breadth increases the chance that the agent invokes a restrictive workflow when the user only wants a quick answer or limited assistance, potentially causing unnecessary data access and side effects.

Vague Triggers

Severity: Low
Confidence: 74%
Finding: The executing-plans trigger says it runs when an implementation plan exists, but it does not specify who approved the plan, whether execution was explicitly authorized, or what safeguards apply before starting task batches. That ambiguity could let an agent proceed from planning into action without a clear user checkpoint.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The README advertises reading MEMORY.md, USER.md, and daily logs and writing design/plan documents, but it does not clearly warn users about what data may be accessed, persisted, or exposed in generated artifacts. In agent environments, silent context aggregation and document creation can collect sensitive project or personal information beyond what the user expects.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding: The trigger text is broad enough to activate this workflow for many generic software requests, which can cause the agent to automatically enter a chained multi-skill process without sufficiently narrow scoping. In this skill, that risk is amplified because each phase automatically invokes the next, so an overbroad match can create unintended workflow capture, unnecessary file writes, and excessive agent actions beyond the user's immediate request.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding: The trigger description is extremely broad and matches a wide range of normal development requests, so this skill can activate in many situations where a narrower skill would be more appropriate. That creates control-flow risk in the agent: it can consistently force a design-gate workflow, read additional context files, and steer subsequent behavior even when not intended, increasing the chance of prompt-scope overreach or denial-of-service to normal task execution.

Missing User Warnings

Severity: Low
Confidence: 90%
Finding: The skill explicitly instructs writing execution progress to persistent memory files under `workspace/memory/YYYY-MM-DD.md` but does not warn that task details, file names, errors, or potentially user-provided content may be stored. This creates a privacy and data-minimization issue because sensitive implementation details or user data can be retained beyond the active session without explicit user awareness or consent.

Missing User Warnings

Severity: Low
Confidence: 76%
Finding: The skill instructs the agent to read memory files and write plan documents without an explicit user-facing notice or confirmation about accessing and modifying workspace data. This can lead to unexpected data access or file creation, which is especially relevant in agent environments where users may not realize persistent files are being consulted or changed.

VirusTotal

66/66 vendors flagged this skill as clean.