Local Task Runner

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it gives an agent broad local code execution power without strong safety boundaries.

Install only if you explicitly want your agent to run local Node.js code on your machine. Treat each invocation like running a terminal script: review the code first, use trusted inputs only, require confirmation, and prefer a sandboxed or disposable environment without sensitive files or secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns

  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Context-Inappropriate Capability

High
Confidence: 98%
Finding:
The helper executes shell commands via child_process.exec, and the skill's core behavior is to run caller-provided JavaScript by spawning a local Node.js process. This creates arbitrary local code execution capability with the privileges of the current user, which is dangerous in an agent skill because untrusted input can read files, access network resources, or invoke further system commands.

Context-Inappropriate Capability

High
Confidence: 99%
Finding:
The supplied code is written to a .js file and executed with node, giving that code the full capabilities of the local runtime. Because there is no sandboxing, the executed script can access the filesystem, environment variables, network, and child processes, leading to data theft, system modification, or persistence.

Missing User Warnings

Medium
Confidence: 98%
Finding:
The skill explicitly enables execution of arbitrary Node.js code on the local host, but its description presents this as a convenience mechanism and safety wrapper without clearly warning about the host-level code-execution risk. This can mislead an agent or user into invoking a dangerous primitive in routine workflows, increasing the chance of unauthorized command execution, file access, network activity, or persistence on the machine.

Missing User Warnings

High
Confidence: 99%
Finding:
The skill accepts attacker-controlled code, writes it to disk, and executes it as a subprocess without any trust boundary, validation, or explicit safety controls. In the context of an agent skill, this is especially dangerous because it normalizes execution of untrusted code and can be abused for arbitrary command execution, file exfiltration, or destructive actions on the host.

VirusTotal

66/66 vendors flagged this skill as clean.