Handoff Receiver

Security checks across malware telemetry and agentic risk

Overview

This is a coherent handoff-continuation skill that reads and updates project handoff files without evidence of hidden data collection, exfiltration, or destructive behavior.

Install this if you want an agent to resume work from checked-in handoff documents and update those documents as it works. Invoke it with explicit handoff language, review CURRENT and INDEX if the repository has stale or parallel handoffs, and expect handoff metadata files to be modified during normal use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium, 91% confidence
Finding
The trigger phrase "resume" is overly broad and can activate this skill in contexts unrelated to explicit handoff continuation. Because this skill resumes prior work and updates handoff state, accidental invocation could cause unintended execution of stale next steps or continuation under the wrong repository/session context.

Vague Triggers

Medium, 91% confidence
Finding
The trigger list includes broad natural-language phrases such as 'continue from handoff' and 'pick this up from previous session', which can plausibly occur in ordinary collaboration and accidentally invoke the skill. Unintended activation is risky here because the skill immediately reads repository state and may later modify handoff artifacts, causing workflow disruption or unintended file changes.

Missing User Warnings

Medium, 94% confidence
Finding
The skill directs the agent to update the latest handoff in place, create new handoffs, move CURRENT pointers, and modify INDEX.md, but it does not require notifying the user up front that repository files will be changed. This can lead to silent state mutations in version-controlled files, especially if the skill is activated unexpectedly or the user intended read-only analysis.

VirusTotal

62/62 vendors flagged this skill as clean.
