clrun - Interactive CLI for agents with an LLM-readable YAML response surface

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for controlling an interactive terminal CLI; its powerful shell access is clearly part of the stated purpose, but users should handle commands and secrets carefully.

Install only if you want an agent to control terminal sessions on your machine. Use it in a sandbox or project-specific directory when possible, review commands before destructive or privileged actions, and avoid putting real API keys or tokens into sessions the agent can read or echo.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly encourages executing arbitrary interactive CLI commands and managing long-running shell sessions, but it provides no safety guidance about destructive commands, privilege-sensitive operations, or validating user intent before execution. In an agent context, this increases the chance the agent will invoke system-changing commands directly, making accidental harmful execution more likely.

Missing User Warnings

Medium
Confidence: 95%
Finding
This section states that session input can be used to send shell commands into a running terminal, effectively enabling arbitrary command execution through a persistent interactive session. Without explicit warnings or guardrails, an agent may treat this as routine input handling and execute harmful commands, especially when interacting with prompts or compromised terminal output.

Missing User Warnings

High
Confidence: 98%
Finding
The documentation demonstrates setting a plaintext API key in a persistent shell session and then echoing it back to the terminal, which normalizes unsafe credential handling and can expose secrets through logs, transcripts, scrollback, screenshots, or later session reuse. In a skill specifically designed to maintain persistent interactive CLI state, this is more dangerous because secrets may remain available across suspension/resume and be unintentionally disclosed or reused.

VirusTotal

66/66 vendors flagged this skill as clean.