ClawHub

Lattice

Security checks across malware telemetry and agentic risk

Overview

Lattice is a disclosed template-based automation skill for creating a long-running multi-agent project pipeline; no hidden exfiltration, deception, or unrelated destructive behavior was found.

Install only if you want an autonomous, cron-driven agent pipeline that can modify the chosen repository over time. Use a dedicated repo path, review the generated PIPELINE_STATE.json and cron schedule, keep secrets out of ORG and pipeline files, and consider disabling or tightening peer consult and auto-triage for sensitive work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill directs the agent to create directories, copy templates, delete example folders, and create cron jobs, but it does not require an explicit safety confirmation before making persistent system changes. If the skill is triggered unexpectedly or the user misunderstands the scope, it could cause unintended filesystem modifications and background task creation that persist beyond the current session.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The template repeatedly tells the orchestrator to 'exit, wait for next trigger' but never defines what event, schedule, or state transition constitutes that trigger. In a long-running multi-agent workflow, this ambiguity can cause duplicate executions, missed retries, race conditions, or unbounded polling behavior that affects correctness and availability.

Vague Triggers

Medium
Confidence
90% confidence
Finding
Requiring actions 'on every trigger' without defining trigger boundaries makes the mandatory STATUS.md update behavior underspecified and easy to misuse. If multiple events count as triggers, the orchestrator may thrash files, overwrite status from concurrent runs, or fail to provide an accurate external state view.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This prompt explicitly instructs the agent to write code into the repository and update a status file, but it does not require any explicit user confirmation, scoped approval, or warning that repository files will be modified. In a system where prompts may be triggered automatically, that creates a real risk of unintended code changes or repository state manipulation beyond what a user expected from invoking the skill.

Context Leakage

High
Category
Data Exfiltration
Content
- Read config.autoTriage, if enabled == true:
   - Check whether this run's RELAX/DEFER count has reached the limit (maxRelaxPerRun / maxDeferPerRun)
   - IF limit not reached AND phase.stuckInfo.triageRequested != true:
     - Collect full context: error info + attempted solutions + consult synthesized solution + CONSTITUTION + SPECIFICATION
     - Read auto_triage.md template (templates/PHASE_PROMPTS/auto_triage.md)
     - Spawn triage agent: sessions_spawn(model=config.autoTriage.triageModel, task=Filled triage prompt)
     - Mark phase.stuckInfo.triageRequested = true
Confidence
96% confidence
Finding
Collect full context

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal