Action Bias

Security checks across malware telemetry and agentic risk

Overview

The skill is transparent about pushing agents to act, but it broadly encourages emails, public posts, repository pushes, API writes, and cold outreach without clear approval or scope limits.

Install only if you deliberately want agents to perform outward-facing work. Before using it, restrict which accounts, tools, repositories, APIs, and destinations agents may use; require human approval for emails, public posts, code pushes, production API writes, and directory submissions; and protect or minimize logs containing contact details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly pushes agents toward externally visible actions such as sending emails, posting content, making API calls, and pushing code, while providing no safety gating, authorization checks, approval steps, or privacy constraints. In an agent environment, this creates a real risk of unintended data disclosure, spam, unauthorized changes, reputational damage, or harmful system side effects because the success criterion is action itself rather than safe, scoped action.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill explicitly directs agents to extract and store prospects' names, company details, URLs, and contact information, but provides no constraints on lawful collection, minimization, consent, retention, or secure handling. In a skill designed to push agents toward autonomous external action, this omission raises the risk of privacy violations, unauthorized lead harvesting, and accumulation of personal data in shared files.

Missing User Warnings

Medium
Confidence: 90%
Finding
The guide instructs agents to turn research into a social media post, i.e. a public external action, without any requirement for user approval, account scoping, or disclosure that the agent may post publicly on the user's behalf. Because the skill's whole purpose is to bias agents toward acting instead of reporting, this creates a meaningful risk of unauthorized or reputationally harmful public communications.

Missing User Warnings

Medium
Confidence: 93%
Finding
These instructions direct agents to publish social posts, submit listings, write and publish blog posts, and commit and push to a repository, all of which are consequential external actions that can alter public content or production systems. No approval, branch protection, target-environment restriction, or publication warning is included, so an agent following this skill could make irreversible public or code changes without adequate human oversight.

Missing User Warnings

High
Confidence: 97%
Finding
The outreach section mandates sending cold emails and logging recipient addresses and subjects, but omits consent, anti-spam compliance, privacy safeguards, and approval controls for external communications. In context, this is especially dangerous because the skill is expressly designed to prevent agents from stopping at plans and instead forces direct outbound action, increasing the likelihood of unauthorized contact, spam, regulatory exposure, and reputational harm.

VirusTotal

64/64 vendors flagged this skill as clean.