safe-subagent-spawn

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it says, but it permanently stores full subagent context and outputs and reuses that history across future subagents.

Install only if you are comfortable with persistent full-text logs of subagent tasks, user background, external messages, and child outputs. Do not use it for secrets, sensitive personal data, credentials, regulated data, or tasks where later subagents should not see prior context unless you add your own redaction and retention process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Ssd 3

Medium
Confidence: 96%
Finding
The skill requires permanent verbatim retention of background and all child outputs in shared context files, creating a durable disclosure channel for sensitive prompts, secrets, and user data. Because later subagents read the entire file, any confidential information copied once can be propagated indefinitely to additional agents and future rounds.

Ssd 3

Medium
Confidence: 97%
Finding
This workflow explicitly instructs the parent to append externally gathered information and full child outputs into a reusable shared context, which multiplies exposure of sensitive material across rounds and across agents. That makes the context file a cross-agent exfiltration surface where one agent's outputs or external data become accessible to subsequent agents without need-to-know controls.

Ssd 3

Medium
Confidence: 98%
Finding
The design principles explicitly mandate full-history, no-summary, permanent retention as an audit trail, which institutionalizes over-collection and indefinite storage of potentially sensitive data. In a subagent orchestration context this is especially dangerous because multiple agents may repeatedly consume that retained history, increasing both accidental disclosure and prompt-data leakage risk.

VirusTotal

63/63 vendors flagged this skill as clean.
