ClawHub
Back to skill

Security audit

Google Agents Cli

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent for Google ADK onboarding, but it asks users to run an unpinned setup command that persistently installs multiple additional agent skills not included in the review.

Install only if you intend to let this setup modify your coding agent with the Google agents-cli skill pack. Before running the command, verify the package source, consider pinning a known version, inspect the installed skills, and confirm how to disable or remove the always-active workflow skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The phrase "or otherwise needs the Google Agent Development Kit (ADK) toolchain" is broad enough to match many loosely related developer requests, which can cause this onboarding skill to activate outside its intended scope. In a skill-routing system, overbroad triggers increase the chance of inappropriate toolchain setup guidance being injected into unrelated conversations, potentially leading to unnecessary command execution or user confusion.

Vague Triggers

Medium
Confidence
84% confidence
Finding
Saying the specialized skills "activate automatically based on the user's request" without defining decision boundaries creates ambiguous routing behavior. That ambiguity can cause overly privileged or irrelevant skills to engage, especially in mixed-intent prompts, increasing the risk of unsafe guidance, scope creep, or unintended setup/deployment actions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.