Agent Autonomy Kit

Security checks across malware telemetry and agentic risk

Overview

This markdown-only skill openly enables unattended autonomous agent work, but its scheduled work and heartbeat guidance are too broadly scoped for automatic operation.

Install only if you intentionally want unattended autonomous agent sessions. Before enabling heartbeats or cron jobs, define allowed task types, writable paths, task-queue editors, and approval requirements for external posts, account changes, destructive edits, spawned agents, network actions, and any sensitive data handling. Inspect the referenced GitHub repository separately before cloning it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Missing User Warnings
Severity: Medium
Confidence: 92%
Finding: The README explicitly instructs the agent to read a task queue, perform work, and then update queue and memory files autonomously, but it does not define boundaries on what files may be modified or require user approval before writing. In an autonomy-focused skill, that omission can cause unattended modification of workspace or user data, especially if queued tasks are malicious, mistaken, or overly broad.

Missing User Warnings
Severity: High
Confidence: 97%
Finding: The cron examples schedule unattended runs that instruct the agent to review queues, pick priorities, spawn team members, and perform overnight work without a human prompt or explicit approval gate. In this skill's context, that significantly increases risk because the whole purpose is continuous autonomous operation, so mistakes or prompt-injection-derived tasks can be executed repeatedly and at scale while the user is absent.

Missing User Warnings
Severity: Medium
Confidence: 96%
Finding: This heartbeat template explicitly instructs the agent to read task files, perform work, and then modify repository state by updating the task queue and writing memory logs, without any user confirmation or clear authorization boundary. In an autonomy-focused skill, that creates a real risk of unintended file modifications, queue churn, or persistent state changes triggered solely by idle time rather than an explicit user request.

Vague Triggers
Severity: Low
Confidence: 86%
Finding: The instruction to 'Add tasks as you discover them' creates an open-ended authorization boundary with no scope, approval, or safety constraints. In an agent-autonomy skill, this can enable self-expanding work queues, priority drift, and inclusion of unsafe or unreviewed tasks derived from ambiguous context or adversarial inputs.

VirusTotal

VirusTotal findings are pending for this skill version.
