Session Handoff

Security checks across malware telemetry and agentic risk

Overview

This skill creates local session handoff notes, and its file-writing and git-inspection behavior is clearly tied to that purpose.

Install this only if you want the agent to create local handoff files in your project. In private or shared repositories, review the generated handoff before committing or sharing it, because it may include branch names, paths, command results, errors, and conversation details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill directs the agent to create or overwrite repository files as part of normal execution without requiring an explicit confirmation that files will be modified. In practice this can lead to unexpected writes to tracked project paths, accidental overwrites of an existing handoff, or persistence of content the user did not intend to save.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill instructs collection of git status, diffs, logs, stash information, and full conversation-derived details, then persists them into a handoff artifact with no privacy gate or redaction requirement. This can capture sensitive branch names, commit messages, stash descriptions, internal paths, secrets mentioned in chat, or other operational details that are then stored on disk for later access.

Ssd 3

Medium
Confidence: 96%
Finding
By telling the agent to derive the handoff from conversation history and git state and to save it automatically, the skill creates a direct path for sensitive user-provided information to be copied into a persistent file. Session summaries often include commands, environment details, incidents, and troubleshooting notes that may contain secrets or confidential business context.

Ssd 3

Medium
Confidence: 98%
Finding
The instruction to review the full conversation and extract detailed goals, commands, errors, decisions, and history substantially increases the chance that sensitive inputs are copied into durable storage. Because the agent is told to be precise and prefer concrete facts, it is incentivized to preserve potentially sensitive details rather than abstract them away.

Ssd 3

Medium
Confidence: 99%
Finding
The template explicitly stores absolute working directory paths, command outcomes, error text, history, and contextual notes, all of which can expose sensitive project structure, internal infrastructure, user names, repository layout, or incident details. Persisting this in a tracked repository or shared workspace amplifies the exposure to future readers and systems.

VirusTotal

64/64 vendors flagged this skill as clean.
