Ceo Delegation

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it broadly routes tasks through sub-agents and memory without clear limits or consent controls.

Install only if you intentionally want an assistant to delegate most work to sub-agents. Set explicit limits for sub-agent creation, cost, time, retries, installations, file changes, and memory writes, and avoid using it for secrets or sensitive work unless you are comfortable with that content being shared with sub-agents or stored.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding: The workflow instructs use of memory_search/RAG to retrieve prior cases even though the stated purpose is simple delegation and monitoring. This expands data access beyond what users would reasonably expect, creating unnecessary exposure of prior task data, secrets, or unrelated context to delegated workflows.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding: Automatically recording outcomes into memory introduces persistent storage of potentially sensitive task content without clear need for a delegation-only skill. This can lead to privacy leakage, retention of secrets, and unintended reuse of sensitive outputs in future tasks.

Context-Inappropriate Capability

Medium
Confidence: 87%
Finding: The documentation broadens the skill into installation, configuration, and file-operation domains, materially expanding operational scope beyond delegation. That mismatch can cause the agent to invoke more powerful actions than users expect, increasing the chance of unsafe changes to systems or data through delegated subagents.

Vague Triggers

High
Confidence: 95%
Finding: The trigger condition applies the workflow to 'any task,' making the skill activate far too broadly. In context, that means arbitrary user requests may be automatically delegated to subagents, potentially causing unnecessary data sharing, privilege expansion, or unsafe execution patterns even when delegation is inappropriate.

VirusTotal

66/66 vendors flagged this skill as clean.
