Dev Inbox

Security checks across malware telemetry and agentic risk

Overview

This workflow skill is not malware, but it can automatically steer notes into local memory, TODO files, or GitHub issues with broad activation rules that need review before use.

Install only if you want an agent to help preserve side issues and ideas across sessions. Before using it, confirm each destination explicitly, especially GitHub repository and issue visibility, and avoid using it in chats containing private or sensitive information unless you are comfortable with that content being persisted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding:
The skill instructs the agent to create GitHub issues and labels via the `gh` CLI, which expands its behavior from local note-taking into remote state-changing actions. In a loosely scoped workflow skill, this can cause unintended repository modifications, spammy issue creation, or disclosure of session details to a remote service if activation is triggered incorrectly.

Context-Inappropriate Capability

Medium
Confidence: 81%
Finding:
Claiming the skill works in 'any context' while embedding git/GitHub-specific operational behavior creates a capability mismatch that can mislead the agent into attempting repository-oriented actions in inappropriate environments. That broad framing increases the chance of unsafe tool use, especially when paired with proactive activation and remote issue creation guidance.

Vague Triggers

Medium
Confidence: 84%
Finding:
Using the generic trigger phrase 'inbox' makes accidental activation likely during ordinary conversation. Because this skill can write files and potentially create remote GitHub issues, overly broad triggering raises the risk of unintended persistence or remote side effects from innocuous user language.

Vague Triggers

Medium
Confidence: 78%
Finding:
The statement that the skill works in 'any context' creates an overly broad activation and applicability boundary, making it easier for the agent to invoke persistence workflows where they do not belong. In combination with proactive intervention and write-capable tools, this increases the chance of inappropriate recording of unrelated or sensitive content.

Vague Triggers

Medium
Confidence: 87%
Finding:
The proactive rule to intervene whenever something seems unrelated to the current task is ambiguous and subjective, which can lead to frequent false activations. Given that the skill can persist data locally or remotely, this ambiguity creates a real risk of recording, duplicating, or externally publishing content the user did not intend to store.

VirusTotal

65/65 vendors flagged this skill as clean.
