Claude Code Delegate

Security checks across malware telemetry and agentic risk

Overview

This skill openly delegates coding to Claude Code, but its default setup can give a background coding agent broad filesystem power without mandatory guardrails.

Install only if you intentionally want an OpenClaw agent to hand coding tasks to a local Claude Code CLI. Before use, set up an enforceable write-guard or path allowlist, run it only inside an isolated project directory, avoid repositories containing secrets, and treat session resume as project-specific rather than reusable across unrelated work.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill auto-triggers on extremely broad programming-related requests and then delegates them to a local CLI configured with `--permission-mode bypassPermissions`, which can perform filesystem modifications without interactive approval. This creates a real risk of unintended execution from ordinary user prompts, especially because the skill is user-invocable and designed to run shell commands against a local project directory.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal