Team Agents Orchestrator
Security checks across malware telemetry and agentic risk
Overview
The artifacts appear to be a legitimate ClawHub developer and moderation skill set with disclosed privileged actions rather than hidden or deceptive behavior.
Install this only in environments where you are comfortable granting ClawHub maintainer tooling access to local repositories, GitHub/registry credentials, and staff moderation commands. Use confirmation prompts for moderation or deletion actions, and consider disabling full-access autoreview mode with its documented opt-out when reviewing untrusted code.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.