Agentic CLI Coding

Security checks across malware telemetry and agentic risk

Overview

This is a real local code-editing toolkit, but it needs Review because it combines broad file-changing authority with under-disclosed install-time dependency execution and some unsafe shell command construction.

Install only if you want an agent to have a broad local code-editing wrapper. Prefer direct or session-only alias use over the persistent installer, review the dependency installation behavior first, and avoid running formatting/validation commands on untrusted repositories or unusual file paths.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence: 84%
Finding
The activation description is extremely broad and can trigger on nearly any coding-related request, causing this skill to be invoked in contexts where shell-backed editing is unnecessary or higher-risk than simpler alternatives. Overbroad routing increases the chance that an agent will use a powerful file-modifying shell workflow by default, expanding attack surface and making prompt-injection or unsafe-edit chains easier to reach.

Missing User Warnings

Medium
Confidence: 89%
Finding
The installer may automatically run `npm install` if `node_modules` is absent, which can execute package lifecycle scripts and perform network-dependent dependency resolution without an explicit warning. In a security-sensitive agent skill context, install-time execution expands the trust boundary beyond the reviewed shell script to the full dependency tree and any registry content, making unintended code execution more dangerous.

VirusTotal

63/63 vendors flagged this skill as clean.
