Cargo Workspace Management

Security checks across malware telemetry and agentic risk

Overview

This workspace-management skill is functional, but it needs review because its recommended session hook can automatically read Claude transcripts, summarize them, and store session summaries remotely without enough privacy guidance.

Install only if you trust Cargo and want an agent to manage workspace users, tokens, files, folders, reports, and session records. Before enabling the session hooks, keep in mind that Claude transcripts may contain secrets, customer data, or proprietary code; avoid automatic transcript summarization unless your organization approves that data flow. Review files before upload, redact reports aggressively, and verify UUIDs before running destructive user, token, or folder removal commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium
Confidence: 82%
Finding
The recommended hooks automate collection and persistence of Claude Code session information, including AI-derived summaries from transcripts, under a skill whose declared purpose is workspace administration. That mismatch matters because it can normalize broader data collection and storage than users or reviewers would expect, increasing the chance of unnoticed retention of sensitive session content.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The session-end hook reads a local transcript file and pipes up to 60 KB of its contents into `claude -p` for summarization. Transcripts can contain secrets, proprietary code, credentials, or sensitive user prompts, so forwarding them to another model/tool without strict scoping, sanitization, or approval creates a real data-exposure path that is not necessary for basic workspace management.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill instructs storing Claude Code session identifiers, titles, and AI-generated summaries in a remote workspace system without warning about privacy, retention, or the risk of including sensitive prompts, outputs, or identifiers. This can lead operators to persist confidential or regulated information in shared administrative systems without informed consent or minimization.

Missing User Warnings

Medium
Confidence: 92%
Finding
The file upload section tells users to upload local files and notes the return of an s3Filename, but it does not clearly warn that local data is transmitted to remote storage/workspace infrastructure. Users may upload sensitive local datasets under the mistaken assumption that the action is local inspection or low-risk metadata handling, causing unintended disclosure.

Missing User Warnings

Medium
Confidence: 92%
Finding
The guidance explicitly tells users/agents to include exact commands, full error messages, and relevant UUIDs in reports sent to an official feedback channel, but only mentions redacting secrets/tokens and provides no broader privacy or data-minimization warning. In practice, commands, errors, and identifiers can contain sensitive operational metadata, customer data fragments, internal resource IDs, or other confidential context, creating a realistic risk of oversharing to an external reporting system.

Missing User Warnings

Medium
Confidence: 97%
Finding
The documented hook sends transcript content to `claude -p` without any user-facing disclosure, consent flow, or data-handling warning. Because transcripts may include highly sensitive material, silent transmission undermines informed consent and can cause unintended leakage to external processing systems or logs.

Missing User Warnings

Medium
Confidence: 82%
Finding
The example shows a destructive user-removal command without any warning, confirmation guidance, or note about the effect of removing a workspace member. In a workspace-management skill, this increases the chance of accidental privileged misuse or operator error, especially if a user copies the command directly with the wrong UUID.

VirusTotal

63/63 vendors flagged this skill as clean.