Agent Autopilot

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed autopilot workflow, but it gives an agent recurring autonomous write and memory-edit authority with weak boundaries.

Install only in a dedicated, bounded workspace. Define clear stop conditions and require review before MEMORY.md cleanup, git commits, external tool use, or high-impact file changes. Verify the copied todo-management skill source before enabling heartbeat automation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 92%
Finding
The initialization instructions direct autonomous creation of directories, installation/copying of another skill, and initialization of state files in a workspace without any guardrails, confirmation step, or clear warning about filesystem impact. In an agentic environment, this can cause unintended modification of user state or spread configuration into the wrong workspace, especially because the path is user-supplied and the behavior is framed as automatic setup.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill instructs the agent to repeatedly modify todo and memory state on every heartbeat and explicitly says to keep acting without waiting for further approval. In context, this increases the risk of runaway autonomous changes, log/file growth, accidental overwrites, and persistent workspace drift, because the agent is encouraged to continuously create tasks and write status without bounded stopping conditions or operator consent.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill directs the agent to automatically modify workspace files such as memory/report-state.json and MEMORY.md as part of its normal heartbeat behavior, but the example does not clearly warn users that enabling the workflow causes autonomous file writes. In an autopilot-style skill, undisclosed persistent state changes are security-relevant because they can surprise users, overwrite important context, and create a platform for unintended or excessive modification over time.

VirusTotal

64/64 vendors flagged this skill as clean.