ClawHub

team-discuss

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate multi-agent discussion helper, but it can store discussion content and involve configured sub-agents.

Install only if you want a structured multi-agent discussion workflow. Avoid secrets, personal data, and sensitive business content unless you trust the configured sub-agents and the local storage location; review or delete saved discussion files as needed, and do not treat agent consensus as authorization to take real-world action without human review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill is documented as suitable for essentially any topic, including sensitive domains like policy, scientific controversies, and broad decision-making, without meaningful scope limits or safety gating. Because it can orchestrate real sub-agents and persist discussion state, this broad framing increases the chance it will be invoked in inappropriate, high-risk, or privacy-sensitive contexts where users may over-trust the output.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation explicitly advertises real sub-agent execution via sessions_spawn and file-based persistence, but does not clearly warn users that invoking the skill may trigger external agent actions and store discussion data on disk. This can lead to unintended data disclosure, persistence of sensitive content, or unexpected downstream actions by spawned agents, especially when users assume the tool is a purely local reasoning aid.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal