Omnidebug Autopilot

Security checks across malware telemetry and agentic risk

Overview

This debugging skill is not clearly malicious, but it gives agents broad autonomous authority to run commands, edit code, and collect sensitive browser artifacts with limited scoping.

Install only if you are comfortable with an agent autonomously running project commands, modifying files, and saving local debug artifacts. Use it in a sandbox or disposable workspace for untrusted code, review every command before execution when possible, and inspect or redact .debug outputs before sharing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def run_once(cmd: str, cwd: Path, output_dir: Path, index: int) -> RunResult:
    start = time.time()
    proc = subprocess.run(cmd, cwd=str(cwd), shell=True, text=True, capture_output=True)
    duration_ms = int((time.time() - start) * 1000)
    stdout_path = output_dir / f"run_{index}.stdout.log"
    stderr_path = output_dir / f"run_{index}.stderr.log"
Confidence
97% confidence
Finding
proc = subprocess.run(cmd, cwd=str(cwd), shell=True, text=True, capture_output=True)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def run_once(cmd: str, cwd: Path, output_dir: Path, index: int, forbidden: list[str]) -> RunResult:
    start = time.time()
    proc = subprocess.run(cmd, cwd=str(cwd), shell=True, text=True, capture_output=True)
    duration_ms = int((time.time() - start) * 1000)
    stdout_path = output_dir / f"run_{index}.stdout.log"
    stderr_path = output_dir / f"run_{index}.stderr.log"
Confidence
98% confidence
Finding
proc = subprocess.run(cmd, cwd=str(cwd), shell=True, text=True, capture_output=True)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README explicitly promotes autonomous, no-interruption execution and browser/network artifact capture, but it does not clearly warn that these actions may run arbitrary project commands, collect sensitive logs/HAR/traces, or affect local/remote systems. In a debugging skill, this increases the chance an agent will execute high-impact workflows without informed user consent or scope limits, creating privacy and operational risk.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The quick-start triggers are so broad that common phrases like 'debug this' or 'fix this bug' can activate an autonomous mode that patches code, runs commands, and verifies changes without further confirmation. In this skill's context, broad invocation language materially increases the risk of accidental activation of high-impact behavior.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill advertises autonomous failure detection, patching, and verification without prominently warning that it may modify source code, execute shell commands, and collect debugging artifacts. That lack of disclosure is dangerous because users may unintentionally authorize invasive actions in sensitive repositories or environments.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The browser debugging module directs collection of traces, screenshots, videos, HAR files, console logs, request/response metadata, and OS/browser details, all of which can contain tokens, personal data, internal URLs, and application secrets. Without an explicit privacy warning and sanitization guidance, the skill encourages sensitive artifact capture and bundling by default.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This script recursively collects browser artifacts such as screenshots, videos, HAR files, traces, and logs, then copies them into a bundle and emits a manifest containing absolute source and target paths plus file hashes. Those artifact types frequently contain secrets, session tokens, internal URLs, page contents, and user data, and the script provides no consent prompt, sensitivity filtering, or redaction before aggregating them, which increases the risk of accidental data exposure in an autonomous debugging workflow.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The code accepts and runs an arbitrary reproduction command with no warning, consent, or trust boundary checks. In the context of an autonomous end-to-end debugging skill, this increases operational risk because the agent may execute destructive, networked, or privacy-impacting commands automatically under the guise of reproducing an issue.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The script persists full stdout and stderr to disk without any disclosure or redaction, which can capture secrets, tokens, personal data, internal paths, or proprietary source snippets emitted by the reproduced command. In a debugging/autopilot context, broad automated logging is particularly risky because failures often dump sensitive diagnostics and the logs are stored by default.

VirusTotal

VirusTotal findings are pending for this skill version.
