dr-api-execution-bootstrap

Security checks across malware telemetry and agentic risk

Overview

The skill is not clearly malicious, but it persistently changes workspace agent behavior and can run live API validation, so it needs review before installation.

Install only if you intentionally want this workspace's future agent behavior changed toward fast direct API execution. Before applying it, require the agent to show the exact AGENTS.md or MEMORY.md diff, confirm the API environment is dev/test rather than production, and explicitly approve any live write or side-effecting validation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Severity: Medium
Confidence: 90%
Finding:
The skill description is broad enough to match many ordinary API-related tasks, which can cause the skill to activate in situations the user did not clearly intend. Because the skill then directs persistent policy changes and execution behavior changes, over-broad triggering increases the chance of unauthorized workspace modification or unexpected live API activity.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The skill instructs the agent to persist policy into workspace bootstrap files such as AGENTS.md or MEMORY.md without an explicit up-front warning that startup behavior will be modified. This creates a durable configuration change that can outlast the current session, influence future agent behavior, and surprise users who only expected temporary assistance.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The validation section authorizes a 'small real dev test' immediately after applying the rules, but does not require an explicit up-front warning that live API calls or test-side effects may occur. In an API execution skill, even small validation can hit production-like systems, consume resources, mutate data, or trigger downstream workflows if the environment is misconfigured.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding:
The invocation examples are broad enough to trigger on common workspace-editing requests, which can cause the skill to activate in situations where the user did not clearly consent to changing workspace-wide agent behavior. Because this skill rewrites instruction/bootstrap files and changes execution defaults, ambiguous activation increases the risk of unintended persistent configuration changes.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The skill directs the agent to patch AGENTS.md, MEMORY.md, and other bootstrap files, but it does not require prominently warning the user that persistent instruction files will be modified. This is dangerous because these files can alter future agent behavior across the workspace, making the change durable, hard to notice, and potentially capable of weakening safety or oversight by enforcing direct execution defaults.

VirusTotal

65/65 vendors flagged this skill as clean.