Batch Executor

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it needs review because it is designed to store and process large private data dumps with broad persistence and automation.

Install only if you are comfortable with this skill writing raw and derived corpus contents into the workspace and possibly git history. Use a private workspace, exclude corpus and report paths from git, redact secrets and personal data first, and supervise sub-agent delegation when processing sensitive exports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The skill requires saving all raw corpus input to disk before any processing, but provides no consent step, minimization guidance, retention limit, or redaction rules. Because this skill is explicitly designed for large mixed-content dumps such as Drive exports, notes, and chat histories, it is likely to capture secrets, personal data, and confidential business material in bulk, creating unnecessary exposure if the workspace is shared, synced, or later reused.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill instructs the system to continue processing and modifying state when the user is idle, including checkpointing and git commits, without requiring renewed confirmation. In a high-impact batch executor that can spawn sub-agents and write files, autonomous continuation increases the chance of unintended actions, excessive processing, and unnoticed changes after the user has stopped actively supervising.

Ssd 3

Severity: Medium
Confidence: 98%
Finding:
Persisting all raw corpus input before triage creates broad retention of potentially sensitive data regardless of whether that data is needed for the task. Given the intended inputs include full exports and folder dumps, this significantly increases the blast radius of any later compromise, accidental disclosure, or misuse of the local workspace.

Ssd 3

Severity: Medium
Confidence: 94%
Finding:
The skill directs sub-agents to receive the item content plus relevant context from other corpus items, which can propagate sensitive information far beyond the minimum needed for each task. In a corpus-scale workflow, this creates unnecessary lateral data sharing across agents and tasks, increasing the risk of oversharing secrets, private notes, or unrelated confidential context.

Ssd 3

Severity: Medium
Confidence: 93%
Finding:
Appending corpus-derived information into shared reports and learning logs creates secondary copies of potentially sensitive material outside the original processing path. This expands retention, makes deletion harder, and may leak private user content into generalized knowledge files that are more likely to be consulted, reused, or committed later.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.
