exec-guard

Security checks across malware telemetry and agentic risk

Overview

This skill openly provides command execution, but its unauthenticated HTTP mode and inherited host environment make it powerful enough to require careful review before installation.

Install only if you intentionally want agents or local callers to run shell commands with the privileges and environment of the exec-guard process. Prefer CLI mode or put server mode behind strong local network isolation and authentication, run it under a least-privilege account, avoid exposing secrets through environment variables, and monitor or clean up background processes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill is explicitly designed to execute arbitrary system commands, start background services, and terminate processes, yet the description does not prominently warn that these actions can change system state or disrupt running workloads. In an agent setting, lack of a clear warning increases the chance of unsafe autonomous use or operator approval without understanding the consequences.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
The guide promotes arbitrary system command execution, background process control, cross-agent process visibility, log access, and process termination as 'safe' capabilities without any warning about destructive commands, secret exposure in logs, or denial-of-service risks. In an agent-facing skill guide, presenting these actions without explicit authorization, scope, or confirmation requirements can normalize unsafe use and increase the chance of harmful or privacy-impacting actions.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The README explicitly states that the service supports remote invocation and that child processes inherit host environment variables with optional overrides, but it does not prominently warn that this exposes arbitrary command execution and potential secret leakage from the host environment. In the context of an AI-agent skill, this is especially dangerous because agents may expose the HTTP mode or execute untrusted inputs, turning the module into a remote code execution surface with access to sensitive environment-based credentials.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The subprocess environment is built by inheriting all host environment variables and then overlaying user-supplied values. In an agent command-execution context, this can expose secrets such as API keys, tokens, cloud credentials, or CI secrets to any executed command, including untrusted tools or scripts, greatly increasing blast radius.

Natural-Language Policy Violations

Severity: Low
Confidence: 92%
Finding
The lockfile pins dependency downloads to `https://registry.npmmirror.com/...` rather than the default npm registry, which changes the project's supply-chain trust boundary without any visible justification in this file. While not an exploit by itself, it can expose users to unexpected package provenance, weaker organizational controls, or mirror compromise if consumers assume packages come from the standard registry.

VirusTotal

66/66 vendors flagged this skill as clean.