Agent Dev Toolkit Cahdieng

Security checks across malware telemetry and agentic risk

Overview

This is a mostly coherent agent-development toolkit, but it needs Review because it teaches high-impact wallet, browser, and agent-permission workflows with some under-scoped safeguards.

Install only if you are comfortable with an agent toolkit that can guide browser automation, external publishing, and crypto-wallet operations. Before using it, require human confirmation for every transaction, swap, contract call, refund, post, or form submission; set wallet policies before funding any wallet; avoid wildcard WebFetch permissions; and use testnets, sandbox accounts, and least-privilege tokens first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (14)

Missing User Warnings

Severity: Medium | Confidence: 84%
The README promotes browser automation and wallet creation as quick-start actions without any warning about privacy exposure, unintended web interactions, or the financial consequences of creating and using a crypto wallet. In an agent-development toolkit, users may treat these commands as low-risk setup steps, which increases the chance of accidental access to sensitive sites, unsafe automation, or asset-impacting actions without informed consent.

Missing User Warnings

Severity: Medium | Confidence: 96%
The skill advertises wallet capabilities including transfers, swaps, smart contract interaction, and autonomous payment without any explicit user-facing warning about irreversible fund movement, approval risks, gas costs, or on-chain execution. In an agent toolkit context, this omission is dangerous because users may invoke high-risk financial actions through automation without understanding that the agent could move assets or interact with contracts with real monetary consequences.

Missing User Warnings

Severity: Medium | Confidence: 93%
The browser automation section promotes scraping, form filling, submission, and complex multi-step web actions but provides no warning that automation may submit live forms, trigger purchases or account changes, violate site terms, or collect sensitive data. In a toolkit meant to build autonomous agents, the lack of cautionary guidance increases the chance of unintended external actions and privacy/compliance issues.

Vague Triggers

Severity: Medium | Confidence: 91%
The auto-trigger list contains broad, common phrases like 'build agent', 'agent workflow', and 'model selection' that can cause the skill to activate in routine conversations without clear scoping. In an agent-development skill, overbroad activation increases the chance of unintended delegation, unnecessary tool exposure, or the model following instructions from this skill when the user did not actually request it.

Vague Triggers

Severity: Medium | Confidence: 89%
The guidance explicitly recommends strong auto-delegation phrasing such as 'MUST BE USED' and 'Use PROACTIVELY' without pairing it with strict scope boundaries, exclusions, or validation criteria. In an agent-development toolkit, this can cause agents to trigger on ambiguous prompts, leading to over-broad delegation, execution of inappropriate tools, or accidental expansion of an agent's operational scope.

Vague Triggers

Severity: Medium | Confidence: 93%
The example 'Use PROACTIVELY for any visual QA task' is overly broad because 'visual QA' can overlap with many common requests, including screenshot review, UI debugging, accessibility checks, and design feedback. In this toolkit context, broad trigger wording increases the chance that the platform auto-selects the wrong agent for loosely related tasks, which can misroute work and expose downstream tools or data unnecessarily.

Vague Triggers

Severity: Medium | Confidence: 91%
The phrase 'Use PROACTIVELY for browser automation' lacks constraints on which browser tasks qualify, so it can match a wide range of normal requests. Because this skill is an agent-development toolkit that may connect automation agents to powerful tooling such as Playwright, vague auto-delegation criteria can lead to unintended browser actions, navigation, or scripted interactions being proposed or invoked in situations where they are not warranted.

Missing User Warnings

Severity: Medium | Confidence: 92%
The file explicitly recommends `WebFetch(domain:*)`, which grants unrestricted outbound network access to agents without user confirmation. In an agent-development toolkit, this is risky because prompts, repository contents, secrets in files, or other sensitive context could be transmitted to arbitrary domains if an agent is induced to fetch attacker-controlled URLs or use network access in unsafe ways.

Vague Triggers

Severity: Medium | Confidence: 89%
The manifest description uses very broad activation criteria such as 'Use when writing SKILL.md files, README files, API docs, or any documentation that will be read by LLMs,' which can cause the skill to trigger for a wide range of normal documentation tasks. Over-broad routing increases the chance that this skill overrides a more specific or safer skill, creating unnecessary prompt surface area and potentially influencing unrelated tasks with its guidance.

Vague Triggers

Severity: Medium | Confidence: 89%
The skill is described in broad, action-oriented terms for creating and using a wallet for transfers, swaps, and arbitrary EVM transactions, but it does not define clear trigger conditions, approval gates, or when an agent must stop and ask the user before taking fund-moving actions. In an agent setting, vague invocation criteria can cause the skill to be used opportunistically or too early, increasing the chance of unintended financial operations.

Missing User Warnings

Severity: High | Confidence: 95%
The skill documents irreversible operations such as transfers, token swaps, and arbitrary contract calls without prominent warnings about loss of funds, wrong-address risk, slippage, smart-contract risk, or the impossibility of reversing blockchain transactions. Because the skill is designed for autonomous agents handling wallets, weak warning language materially increases the likelihood of harmful user or agent mistakes.

Missing User Warnings

Severity: Medium | Confidence: 87%
The example instructs users to connect a content agent to external publishing platforms and supply credentials or API tokens, but it does not warn that content, metadata, and secrets will be transmitted to third-party services. In a skill intended for automation, this omission can lead users to expose sensitive drafts, account access, or production publishing capabilities without informed consent or safeguards.

Missing User Warnings

Severity: Medium | Confidence: 84%
The analytics section enables automated tracking and reporting without notifying users that performance data may be collected, processed, and transmitted to external systems. This is risky because content analytics can include behavioral, campaign, or business-sensitive information, and users may unknowingly enable data flows with privacy or compliance implications.

Missing User Warnings

Severity: Medium | Confidence: 86%
The example shows browser automation retrieving order status from a customer-order page but does not mention authentication, authorization checks, consent, or privacy handling for customer data. In an agent toolkit context, users may copy this pattern directly, which can normalize access to sensitive order information without clear safeguards and increase the risk of privacy violations or unauthorized data exposure.

VirusTotal

65/65 vendors flagged this skill as clean.