Skill Auto Attach

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says in broad terms, but it can automatically send any changed workspace file to Telegram, not just documentation files.

Review before installing. Only enable this skill if you are comfortable with automatic Telegram uploads from the watched workspace; preferably add a strict file-extension and path allowlist, exclude secrets/config directories, confirm each file before sending, and verify exactly which Telegram chat or channel receives the files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The script automatically sends every created or modified file in the workspace to Telegram, which is an external messaging service. This creates a broad, continuous data exfiltration channel for potentially sensitive files with no filtering, scoping, or user approval, and the skill description does not justify such blanket outbound transfer.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly describes automatically monitoring the workspace and sending new or modified documentation files to Telegram, but it does not disclose the privacy and data exfiltration implications to the user. This creates a real security risk because seemingly harmless documentation files may contain sensitive internal notes, credentials, tokens, incident details, or proprietary information, and automatic transmission to an external messaging platform reduces user awareness and consent.

Missing User Warnings

High
Confidence: 98%
Finding
The watcher copies and transmits workspace files to Telegram without any user-facing warning, prompt, or confirmation. Silent background export of local files is especially dangerous in an agent skill because users may not realize drafts, credentials, tokens, or private documents are being sent off-host as they edit them.

Vague Triggers

Medium
Confidence: 89%
Finding
The manifest registers the skill for both "file-creation" and "file-modification" without any visible scoping or filtering, which can cause the skill to run on a very large set of events. For an automatic attachment skill targeting Telegram, this broad activation increases the chance of unintended processing or transmission of files, especially if sensitive or unrelated files are created or updated in the environment.

VirusTotal

63/63 vendors flagged this skill as clean.
