Dotfile

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate dotfile and sync helper, but it gives agents instructions for lasting config, memory, database, and startup changes without consistent safeguards.

Install only if you want an agent to manage dotfiles, MCP configs, Syncthing, and project memory. Before using it, require the agent to show exact target paths and diffs, redact secrets and sensitive infrastructure details, confirm every write/reset/apply/startup change, and keep backups until Syncthing rebuilds and sync state are verified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Vague Triggers

Medium
Confidence: 92%
Finding
The manifest includes many broad trigger phrases such as "external sync," "sync status," and "ignored files," which can cause the skill to be invoked in situations beyond the author's likely intent. Because this skill covers configuration management and synchronization actions, unintended invocation increases the chance that an agent suggests or performs changes to sensitive dotfiles or sync state without sufficient user confirmation.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill advertises operations like API cleanup, DB reset, and deleting index-v2 as quick-reference actions without visible warnings about data loss, reindexing side effects, or the need for backups and confirmation. In a synchronization and dotfile-management context, these actions can disrupt config state, erase local sync metadata, or propagate incorrect changes across devices if an agent follows the guidance too readily.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill directs the agent to extract knowledge from sessions or the current conversation and persist it to Serena memory, but it provides no safeguards for secrets, personal data, credentials, internal paths, or other sensitive context that may appear in those sources. Because the destination is persistent memory and the guidance explicitly encourages saving infrastructure details and issue history, this can create long-lived sensitive data retention and unintended cross-session exposure.

Missing User Warnings

Medium
Confidence: 92%
Finding
The DB reset procedure includes destructive filesystem operations and then suggests deleting the only backup shortly after restart. Although framed as troubleshooting guidance, it lacks a strong warning to retain the backup until integrity and sync state are fully verified, which can cause irreversible loss of recovery material if the rebuild fails or the wrong path is targeted.

Missing User Warnings

Medium
Confidence: 94%
Finding
The Windows reset flow force-terminates Syncthing processes, moves the index directory, and then deletes the backup without a strong caution about rollback and recovery. In an agent skill, users may execute these steps verbatim under elevation, so insufficient guardrails increase the chance of accidental destructive actions and loss of the only restorable copy.

Session Persistence

Medium
Category: Rogue Agent
Content
**Recommended approach**: Task Scheduler at user logon + VBS launcher for hidden execution. No password storage required. Run via `gsudo` (see `~/.agents/rules/windows.md` "Admin command = gsudo default").

##### Step 1: Create VBS hidden launcher

`syncthing.exe` is a console app — running it directly from Task Scheduler shows a console window that, **when closed, terminates the process**. Wrap it in VBS to launch hidden.
Confidence: 87%

Session Persistence

Medium
Category: Rogue Agent
Content
```powershell
# Run as Admin (or via gsudo)
sc.exe create syncthing binPath= "`"$shawl`" run --name syncthing -- `"$syncthing`" --no-browser --home=$home" start= auto obj= $user password= "<USER_PASSWORD>"
# Plus: grant "Log on as a service" right via secpol.msc or ntrights.exe
```
Confidence: 90%

VirusTotal

VirusTotal findings are pending for this skill version.
