Claude Flow

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Claude Code orchestration skill, but it grants agents broad install and automation authority without enough scoping or safety guidance.

Review before installing. Prefer npx or a pinned release over the curl-to-bash installer, read any installer before running it, keep API keys and .env files out of source control, and enable MCP tools, hooks, memory, and automatic agent workflows only in projects where broad code reading, code writing, command execution, and local state changes are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding
The skill explicitly recommends a one-line remote install command that downloads and immediately executes shell code without any integrity verification, pinning, or safety warning. In an agent skill context, this is especially dangerous because an AI assistant may relay or encourage unsafe execution patterns, enabling supply-chain compromise or arbitrary code execution if the remote script or delivery path is tampered with.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The guide explicitly recommends fetching a remote installer and piping it directly into bash, which executes unreviewed code from the network immediately. This creates a supply-chain and remote code execution risk if the upstream repository, CDN path, branch, or transport is tampered with.
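The verification that both curl-to-bash findings above (and the Overview's "read any installer before running it") are asking for, as an added shell example that is not part of the skill, the scan report, or the Claude Flow project: stage the installer on disk, pin it to a SHA-256 taken from a tagged release, grep it for the constructs worth reading closely, and only then run it. The release URL, the digest and the example.invalid host in the comments are placeholders, not values from the project.

```shell
#!/bin/sh
# Added example (not Claude Flow's own code): stage a remote installer on
# disk, pin it to a known SHA-256, surface risky constructs for review, and
# only then run it. The release URL and checksum are placeholders; take both
# from the project's tagged release page, not from a branch or CDN path.
set -eu

# SHA-256 of a file, portable across GNU coreutils and BSD/macOS.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Compare a staged file with the pinned digest. 0 on match, 1 on mismatch;
# a mismatch means the delivery path changed and the file must not be run.
verify_installer() {
  file="$1"; expected="$2"
  actual="$(sha256_of "$file")"
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch for $file: got $actual, expected $expected" >&2
    return 1
  fi
}

# Cheap pre-run review: print (with line numbers) the constructs that make an
# installer worth reading line by line: nested pipe-to-shell, eval, decoded
# blobs, sudo. Exit status 0 if anything matched, 1 if nothing did.
flag_suspicious() {
  grep -nE '(curl|wget)[^|]*\|[[:space:]]*(ba|z)?sh|(^|[^[:alnum:]_])eval([^[:alnum:]_]|$)|base64[[:space:]]+(-d|--decode)|sudo ' "$1"
}

# Download to a file instead of piping to a shell: HTTPS only, TLS 1.2+,
# follow redirects, fail on HTTP errors. Never run the output before
# verify_installer and flag_suspicious have been looked at.
fetch_installer() {
  url="$1"; out="$2"
  curl --fail --location --proto '=https' --tlsv1.2 --silent --show-error \
       --output "$out" "$url"
}

# Full procedure, run by hand after filling in the placeholders:
#   fetch_installer "https://example.invalid/v0.0.0/install.sh" ./install.sh
#   verify_installer ./install.sh "<sha256 from the release page>"
#   flag_suspicious ./install.sh; less ./install.sh
#   sh ./install.sh
```

Keep the expected digest out of band from the download (the release page or a signed checksums file, not the same URL the script came from); a digest fetched over the same path proves nothing about tampering.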

Missing User Warnings

Severity: Medium
Confidence: 81%
Finding
The document tells users to place a sensitive API key in an environment variable and append it to a .env file, but gives no warning about protecting that file or avoiding accidental exposure through source control, logs, shell history, or shared environments. While storing secrets this way is common, omitting handling guidance increases the chance of credential leakage.
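What the .env handling guidance this finding says is missing looks like in practice, as an added shell example that is not the skill's or the project's code: a check that the file is git-ignored, not already tracked, and owner-only, plus a loader that exports one key from it so the secret is never typed on a command line or into shell history. The variable name API_KEY is a placeholder; the skill's documentation is not quoted here, so the real key name is not known from this page.

```shell
#!/bin/sh
# Added example (not Claude Flow's own code): check that a project's .env
# cannot leak through git or loose file permissions, and load one key from it
# without typing the secret on the command line. The file name .env is what
# the finding describes; the variable name API_KEY is a placeholder.
set -eu

# Exact '.env' (or '/.env') entry in .gitignore. A glob such as '*.env' would
# also cover it but is not recognised by this check.
gitignore_covers_env() {
  [ -f "$1/.gitignore" ] && grep -qxE '/?\.env' "$1/.gitignore"
}

# Octal permission bits, portable across GNU and BSD stat.
mode_of() {
  if stat -c '%a' "$1" >/dev/null 2>&1; then
    stat -c '%a' "$1"
  else
    stat -f '%Lp' "$1"
  fi
}

# 0 when .env exists, is git-ignored, is owner-only (600) and is not already
# tracked; otherwise prints each problem to stderr and returns 1.
env_file_ok() {
  dir="$1"; problems=0
  if [ ! -f "$dir/.env" ]; then
    echo "no .env in $dir" >&2
    return 1
  fi
  gitignore_covers_env "$dir" || { echo ".env is not listed in .gitignore" >&2; problems=1; }
  [ "$(mode_of "$dir/.env")" = "600" ] || { echo ".env is not mode 600 (chmod 600 .env)" >&2; problems=1; }
  # A .gitignore entry does not untrack a file that was already committed.
  if git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 \
     && git -C "$dir" ls-files --error-unmatch .env >/dev/null 2>&1; then
    echo ".env is already tracked; run: git rm --cached .env" >&2
    problems=1
  fi
  return "$problems"
}

# Export NAME from .env into the current shell. The value is read from the
# file, so it never appears in shell history or in a visible command line.
load_env_key() {
  dir="$1"; name="$2"
  line="$(grep -E "^${name}=" "$dir/.env" | tail -n 1)"
  [ -n "$line" ] || { echo "$name not found in $dir/.env" >&2; return 1; }
  export "$line"
}
```

Run env_file_ok against the project root before enabling any agent workflow that reads the file system; an agent with broad file access will read a world-readable .env exactly as readily as a user will.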

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The documentation states that broad natural-language requests in Claude Code will automatically trigger multi-agent collaboration, including tasks like refactoring and security review. This creates an unsafe prompt-to-action boundary: ordinary chat text may cause autonomous orchestration and potentially code-affecting actions without an explicit confirmation step, increasing the risk of unintended execution or abuse via prompt injection in surrounding context.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The guide describes hooks that automatically run at lifecycle events, including code-quality and security-scan hooks, but does not warn that hooks may execute commands, modify files, consume resources, or affect project state. In an agentic system with autonomous workflows, silent automatic hook execution materially expands the attack surface and can turn benign tasks into impactful side effects.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The troubleshooting guide includes a destructive memory reset command that can permanently remove historical learning data. Although one inline note mentions loss of history, the operation is still presented as a routine recovery step without a strong warning banner, confirmation guidance, or explicit rollback limitations, which increases the chance of accidental data loss by users following commands verbatim.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The document recommends a general reset-to-clean-state command in a 'general diagnostics' section without clearly stating what local state, cached data, learned memory, or configuration may be changed or removed. In an agent-orchestration tool with memory, MCP integration, and local configuration, users may execute this command during troubleshooting and unintentionally disrupt their environment or lose important state.
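A way to make the two reset commands flagged in the previous two findings reversible, as an added shell example that is not Claude Flow's own tooling: snapshot the tool's local state directory into a verified archive, run the destructive command only after the snapshot exists, and restore from it if the reset removed something still needed. The state directory path is an assumption; where the skill actually keeps its memory, cache and configuration has to be taken from its own documentation.

```shell
#!/bin/sh
# Added example (not Claude Flow's own code): take a verified snapshot of a
# tool's local state before running a destructive reset, so the step can be
# undone. The state directory path is an assumption; check the tool's docs
# for where its memory, cache and configuration actually live.
set -eu

# Archive STATE_DIR into BACKUP_DIR (default: its parent) with a UTC timestamp,
# verify the archive lists back cleanly, and print its path.
snapshot_state() {
  state_dir="$1"; backup_dir="${2:-$(dirname "$1")}"
  [ -d "$state_dir" ] || { echo "no such directory: $state_dir" >&2; return 1; }
  mkdir -p "$backup_dir"
  archive="$backup_dir/$(basename "$state_dir")-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
  tar -czf "$archive" -C "$(dirname "$state_dir")" "$(basename "$state_dir")"
  tar -tzf "$archive" >/dev/null || { echo "archive unreadable: $archive" >&2; return 1; }
  printf '%s\n' "$archive"
}

# Number of files (directory entries end in '/') inside a snapshot, for a
# sanity check against the live directory before anything is deleted.
snapshot_file_count() {
  tar -tzf "$1" | grep -vc '/$'
}

# Unpack a snapshot into TARGET_PARENT, recreating the state directory under it.
restore_state() {
  mkdir -p "$2"
  tar -xzf "$1" -C "$2"
}

# Run a destructive command (the remaining arguments) only after a snapshot
# exists; prints where the snapshot went so it can be restored later.
reset_with_snapshot() {
  state_dir="$1"; shift
  archive="$(snapshot_state "$state_dir")" || return 1
  echo "state snapshot: $archive" >&2
  "$@"
}

# Usage, with a placeholder state directory and reset command:
#   reset_with_snapshot ~/.example-tool-state example-tool reset --clean
#   restore_state ~/.example-tool-state-20240101T000000Z.tar.gz ~
```

The snapshot lands beside the state directory by default; pass a second argument to snapshot_state to keep backups somewhere the reset command cannot touch.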

VirusTotal

64/64 vendors reported this skill as clean (no detections).
