Ralph Quick Security Check

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed security-check skill that reads the current project and writes a local report, with no evidence of hidden installation, exfiltration, or destructive behavior.

Install only if you want an agent to inspect the active repository for security issues. Run it in the intended project, review `.ralph-report.md` before committing or sharing it, and consider adding `.ralph-report*.md` to `.gitignore` if reports may contain vulnerabilities or secret-like values.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 78%
Finding
The trigger phrase 'daily security check' is broad and can match ordinary user requests, causing unintended invocation of a skill that reads repositories, runs git discovery, and writes report files. In this context, accidental activation increases the chance of unconsented workspace inspection and modification.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill instructs saving results to `.ralph-report.md` without an explicit user-facing warning or consent flow. In an agent setting, silent writes to the workspace are risky because they modify project state and may surprise users or interfere with tooling and commits.

Missing User Warnings

Medium
Confidence: 91%
Finding
The report-rotation step renames an existing `.ralph-report.md` file, modifying prior artifacts without explicit consent. Silent renames can disrupt workflows, invalidate references, and alter evidence from previous reviews, which is especially sensitive in a security-audit skill.

VirusTotal

66/66 vendors flagged this skill as clean.