Security checks across malware telemetry and agentic risk

Overview

This BitNet setup skill is mostly coherent, but it asks agents to run remote installers and handle tokens without adequate safeguards, so users should review it before use.

Before installing, review each command and approve state-changing steps manually. In particular:
  • Prefer an isolated environment (container, VM, or a throwaway user), since the steps write packages and model files that persist after setup.
  • Do not pipe curl or wget output directly into bash; download each remote script to disk, read it, and pin it to a checksum or a commit before running it.
  • Pin cloned code to a specific commit or tag rather than the default branch.
  • Expect large package and model downloads, and check available disk and bandwidth first.
  • Use a scoped (read-only, where sufficient) Hugging Face token supplied through the CLI login flow or a secret store, not an inline export, which leaves the token in shell history and in the environment of every child process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly instructs the agent to create environments, clone a repository, install dependencies, download large models, and run setup scripts, but it does not warn the user that these actions modify the local system, consume substantial disk and network resources, and may execute unreviewed third-party code. In an agent setting, lack of upfront disclosure can lead to unsafe or unexpected side effects before the user gives informed consent.

Missing User Warnings

Medium
Confidence: 97%
Finding
The macOS instructions tell users or an AI agent to pipe a remote shell script fetched via curl directly into bash, with no integrity verification, pinning, or warning about arbitrary code execution and system modification. This is dangerous because a compromise of the remote host, CDN, DNS, TLS trust chain, or upstream script leads to immediate code execution on the local machine with the user's privileges.

Missing User Warnings

Medium
Confidence: 98%
Finding
The Linux instructions execute a remote script from apt.llvm.org directly through bash, again without verification or any warning that this runs downloaded code with the user's privileges (and, since the script installs packages, typically with root). In an agent-execution context this is especially risky because the document explicitly frames some commands as auto-executable, increasing the chance that unreviewed remote code is run non-interactively.

Missing User Warnings

Medium
Confidence: 95%
Finding
The guide instructs users to execute a network-fetched shell script directly with `bash -c "$(wget -O - ...)"`, which removes any opportunity to inspect or verify the downloaded content before execution. If the remote host, transport, or script content is compromised, this can lead to immediate arbitrary code execution on the user's machine.

Missing User Warnings

Medium
Confidence: 90%
Finding
The document tells users to export a Hugging Face token directly in the shell environment without advising on credential hygiene. A token placed this way is written to shell history, is visible in the environment of every process the shell starts (readable via `/proc/<pid>/environ` by the same user), and may end up in logs or crash reports, increasing the risk of credential leakage and unauthorized model or account access.

VirusTotal

0 of 64 vendors flagged this skill; all 64 reported it clean.