Cargo Context

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Cargo CLI helper for reading and updating a workspace context repository, with meaningful but expected risks around credentials, repository writes, and sandbox command execution.

Install only if you intend to let Cargo operate on your workspace context repository. Confirm the workspace before any write/edit, avoid committing raw call transcripts or sensitive customer data, review repo changes carefully, and use sandbox execution only for simple inspection unless you explicitly approve more.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings
Severity: Medium
Confidence: 85%
Finding:
The documentation gives concrete deletion/removal workflow guidance without an explicit confirmation step, backup recommendation, or warning about irreversible data loss and cross-reference breakage. In this skill's context, the repository is a shared git-backed knowledge base, so encouraging deletion via execute/GitHub UI can lead to accidental or broad content removal if a user or agent follows the recipe too quickly.

Missing User Warnings
Severity: Medium
Confidence: 89%
Finding:
The document explicitly instructs users to export sales call transcripts from external systems but provides no guidance on handling sensitive customer data, consent requirements, retention limits, or redaction. Because this skill is for inspecting and editing a git-backed context repository, users may commit transcripts or derived sensitive details into persistent workspace context, creating privacy, confidentiality, and compliance risk.

Missing User Warnings
Severity: Medium
Confidence: 90%
Finding:
This documentation explicitly exposes a shell-command execution capability in the runtime sandbox and only suggests "inspection" usage, without a strong safety warning, allowlist, or guidance about command injection, destructive commands, or sensitive data exposure. In an agent skill context, documenting unrestricted execution can normalize unsafe use and increase the chance that downstream automation invokes dangerous commands on user-controlled paths or arguments.

Missing User Warnings
Severity: Medium
Confidence: 87%
Finding:
The file documents write and edit operations that overwrite files and push commits to the default branch, but it does not prominently warn that these actions modify persistent user data and repository history. In this skill, that omission is risky because an agent could perform irreversible or unintended content changes under normal-looking workflows, especially when operating on user-supplied paths and content.

VirusTotal

65/65 vendors flagged this skill as clean.