Code Workflow

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate coding workflow skill, but it should be reviewed because its broad activation phrases can lead to file writes, GitHub issue updates, commits, PR handling, and optional artifact dispatch to an external receiver.

Install only if you want a structured agent workflow that can write planning files and operate on your repository. Invoke it explicitly, review the output directory, avoid `--rag` unless you trust the receiver, and require clear confirmation before issue updates, dependency changes, commits, screenshots/uploads, pushes, PRs, or merges.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers (Medium, 92% confidence)

Finding: The skill advertises many generic invocation phrases such as "code changes," "pull request," and "write plan," which are broad enough to match common developer requests outside the intended workflow scope. This can cause the agent to invoke the workflow unexpectedly, potentially altering execution flow, creating unnecessary files/plans, or steering users into a multi-step process they did not intend to run.

Vague Triggers (Medium, 90% confidence)

Finding: The trigger phrase "create PR" is very broad and likely to match many ordinary user requests, causing this skill to activate in contexts where the user did not explicitly ask for the full PR workflow. Over-broad activation can lead to unintended repository actions, extra data capture, or PR creation behavior being invoked without sufficiently specific user intent.

Missing User Warnings (Medium, 95% confidence)

Finding: This section allows automatic dispatch of research artifacts to an external receiver via a generic `--rag=<skill>:<topic>` mechanism, with metadata passed through environment variables or JSON, but provides no mandatory consent, trust validation, or data-classification guardrails. Research notes can contain proprietary code structure, issue details, secrets discovered during investigation, or other sensitive context, so optional but silent external transmission materially increases data-leak risk.

Missing User Warnings (Medium, 95% confidence)

Finding: The plan dispatch flow similarly permits sending implementation plans and metadata to external receivers after each write/edit without requiring a privacy warning or explicit confirmation. Plans often include file paths, architecture details, intended code changes, verification procedures, and issue references; exposing that information can leak sensitive design and operational details even if no source code is directly transmitted.

VirusTotal

VirusTotal findings are pending for this skill version.