Sharedintellect Quorum

Security checks across malware telemetry and agentic risk

Overview

Quorum is a disclosed validation tool, but users should treat it as a file-reading LLM workflow and not run it on private projects without understanding where analyzed content is sent.

Install only if you are comfortable running a Python package cloned from GitHub and sending selected project files to your configured LLM provider. Prefer reviewing the cloned repository or pinning a commit before use, avoid pointing batch mode at directories containing secrets, and use --no-learning for sensitive reviews.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Output Handling: Unvalidated Output Injection, Cross-Context Output, Unbounded Output
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    f"Invoke-ScriptAnalyzer -Path '{escaped_path}' "
    "-Severity Warning,Error | ConvertTo-Json"
)
result = subprocess.run(
    ["pwsh", "-Command", ps_command],
    capture_output=True,
    text=True,
Confidence
84% confidence
Finding
result = subprocess.run( ["pwsh", "-Command", ps_command], capture_output=True, text=True, timeout=60, )

eval() call detected

High
Category
Dangerous Code Execution
Content
    import time
    time.sleep(1)
elif mode == "dangerous":
    result = eval(data["value"])  # Security issue: eval on user input
else:
    result = data["value"]
Confidence
99% confidence
Finding
result = eval(data["value"]) # Security issue: eval on user input

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The skill instructs the orchestrator to invoke a local Python script through Bash, which expands the execution surface from passive analysis into arbitrary local code execution. Even though the target script path is described as local and fixed relative to the skill, this still means using a shell-capable tool in a validation workflow, increasing risk if the script is modified, replaced, or if the surrounding environment is untrusted.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The instruction to report a PASS when all critics fail creates a fail-open validation path: users may interpret a completely unevaluated artifact as approved. In a security or quality gate context, this can enable unsafe code or configurations to be shipped because the system emits a success verdict despite total loss of assurance.

Context-Inappropriate Capability

High
Confidence
84% confidence
Finding
The pipeline can automatically generate, apply, and persist LLM-produced modifications to analyzed artifacts, yet the revalidation only re-runs critics tied to prior blocking findings rather than performing full validation of the rewritten artifact. This creates a real integrity risk: unsafe or malicious changes could be introduced, appear 'improved' against a narrow subset of critics, and be saved as artifact-fixed.txt for downstream human or automated consumption.

Unvalidated Output Injection

High
Category
Output Handling
Content
    f"Invoke-ScriptAnalyzer -Path '{escaped_path}' "
    "-Severity Warning,Error | ConvertTo-Json"
)
result = subprocess.run(
    ["pwsh", "-Command", ps_command],
    capture_output=True,
    text=True,
Confidence
80% confidence
Finding
subprocess.run( ["pwsh", "-Command", ps_command], capture_output

VirusTotal

66/66 vendors flagged this skill as clean.