Subagent Architecture

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it needs Review because its optional external-sharing and credentialed consultation patterns are broader than its top-level disclosures suggest.

Install only if you intend to use advanced subagent orchestration and are comfortable reviewing the external collaboration patterns before use. Keep peer review and external model consultation disabled unless you explicitly choose trusted endpoints, approve exactly what leaves your workspace, and avoid sending secrets, proprietary code, user data, or sensitive task metadata without additional redaction and retention controls.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Intent-Code Divergence
Severity: High
Confidence: 93%
Finding: The file explicitly states that no API keys, tokens, or env vars are required or auto-read, but later instructs use of environment-variable stored keys for external model consultation. This contradiction is dangerous because it can mislead users and scanners about credential handling, increasing the risk of unsafe deployment, accidental secret exposure, or external data egress under false assumptions.

Intent-Code Divergence
Severity: High
Confidence: 92%
Finding: The document claims all reference implementations are dependency-free and make no external API calls, yet later describes libraries for direct external API consultation, session management, and provider bridges. This creates a materially misleading security posture: users may trust or import code believing it is local-only when it can facilitate outbound communication and persistence.

Missing User Warnings
Severity: Medium
Confidence: 90%
Finding: The template explicitly packages artifacts for external peer review and includes fields such as content/URL, context, and requester identity, but it does not require explicit user-facing consent or a warning before transmitting data to third parties. Even with the sanitization guidance later in the document, users may unknowingly send proprietary code, metadata, or regulated information outside their trust boundary.

Missing User Warnings
Severity: Medium
Confidence: 95%
Finding: The Discord/message examples operationalize sending sanitized code or URLs to external bots, which normalizes third-party data transfer without a clear user warning or approval gate. 'Sanitized' reduces risk but does not eliminate leakage of proprietary logic, hidden secrets, sensitive context, or compliance-relevant data, especially when consumer messaging platforms or external APIs are used.

VirusTotal

66/66 vendors flagged this skill as clean.