Acp Harness Delegation

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is not malware, but it asks users to globally auto-approve delegated agent actions and store provider credentials, which needs review before use.

Install only if you trust the ACP harnesses and understand that the recommended configuration can let delegated agents act without approval prompts. Prefer read-only or per-action approval, restrict the working directory, protect `~/.acpx/config.json` and API keys, and avoid global `approve-all` for routine use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill explicitly instructs operators to set `defaultPermissions: "approve-all"`, which disables user approval gates for all delegated harness operations in automated environments. Because this skill is specifically about spawning external agent runtimes, auto-approving all actions materially increases the chance of unauthorized file changes, command execution, network access, or other high-risk side effects without meaningful review.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill includes direct instructions for checking and storing `ANTHROPIC_API_KEY` in environment variables and persistent config without any warning about secret handling, access controls, logging, or accidental disclosure. In a delegation/orchestration skill, this is more dangerous because multiple tools, sessions, and agents may inherit or expose credentials, expanding the blast radius if the key is leaked.

Missing User Warnings

Medium
Confidence: 96%
Finding
The document explicitly recommends configuring `defaultPermissions` as `approve-all`, which grants blanket approval for operations including writes in an automation/delegation harness context. In a skill designed to delegate to external ACP-enabled agents, this materially increases the blast radius of mistakes, prompt injection, or compromised downstream tools, especially because the surrounding text presents it as the recommended setup without a prominent security warning.

VirusTotal

66/66 vendors flagged this skill as clean.