Agent Debugger

Security checks across malware telemetry and agentic risk

Overview

This is a readable, instruction-only agent debugging guide, but users should not follow its advice to expose internal reasoning or to log sensitive details.

Install only if you want a general checklist for debugging AI agents. Do not enable hidden/internal reasoning visibility, and avoid logging raw prompts, credentials, private file contents, or full tool arguments/results. Keep memory writes and tool-permission changes narrow, temporary, and explicitly user-approved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The skill explicitly recommends enabling "thinking: verbose" and "reasoning: on," and states this will show internal reasoning. Exposing hidden chain-of-thought or internal reasoning is unnecessary for ordinary debugging, can disclose sensitive internal decision processes or policy logic, and may violate model/provider safety boundaries.

Vague Triggers

Medium
Confidence
84% confidence
Finding
Using a very broad trigger like "debug" can invoke this skill in many unrelated contexts, increasing the chance that risky debugging guidance is applied when not appropriate. Because the skill includes filesystem inspection and reasoning-exposure suggestions, overbroad activation expands the attack surface and likelihood of misuse.

Natural-Language Policy Violations

High
Confidence
99% confidence
Finding
The documentation directs operators to enable internal reasoning visibility without any user consent, necessity test, or policy basis. This creates an unnecessary data exposure path and normalizes unsafe debugging practices that may leak sensitive prompts, hidden analysis, or internal safeguards.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill suggests exposing internal model reasoning during debugging, which is more dangerous in this context because debugging often occurs around failures, sensitive inputs, and privileged workflows. Revealing internal reasoning can expose secrets, hidden prompts, or exploitable behavioral details to users or logs.
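The overview above says what a safe agent debugging setup should not log (raw prompts, credentials, full tool arguments and results) and the findings flag the "thinking: verbose" / "reasoning: on" settings. The following is an added example, not code from the Agent Debugger skill or from SkillSpector, of a telemetry sanitizer that keeps enough of a tool-call event to debug a failure (tool name, outcome, timing, a length-plus-hash fingerprint of prompts and results) while redacting credential-shaped values, plus a small check that flags the debugging settings the findings object to. The event layout, the secret-key names, the credential regexes and the flag names are assumptions chosen for illustration; the regexes are not an exhaustive secret detector.

```python
import hashlib
import json
import re
from typing import Any

# Assumption: keys whose values must never reach a debug log, compared case-insensitively.
SECRET_KEYS = {"api_key", "authorization", "password", "token", "secret", "cookie"}

# Assumption: illustrative credential shapes in free text (not exhaustive).
SECRET_PATTERNS = [
    re.compile(r"\b(?:sk|ghp|xox[abp])[-_][A-Za-z0-9_-]{8,}\b"),  # vendor-style API tokens
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),                            # AWS access key id shape
    re.compile(r"(?i)bearer\s+[A-Za-z0-9._~+/-]+=*"),               # HTTP bearer tokens
]

# Settings the findings flag; the key/value names are taken from the skill text quoted above.
UNSAFE_DEBUG_FLAGS = {"thinking": {"verbose"}, "reasoning": {"on"}}

MAX_TEXT = 120  # longer strings are fingerprinted rather than stored verbatim


def _fingerprint(text: str) -> str:
    """Replace a blob with its length and a short hash so failures can still be
    correlated across log lines without the content itself being stored."""
    digest = hashlib.sha256(text.encode("utf-8")).hexdigest()[:12]
    return f"<redacted len={len(text)} sha256={digest}>"


def _scrub_text(text: str) -> str:
    """Mask credential-shaped substrings, then fingerprint anything still too long."""
    for pattern in SECRET_PATTERNS:
        text = pattern.sub("<secret>", text)
    return _fingerprint(text) if len(text) > MAX_TEXT else text


def sanitize(value: Any, key: str = "") -> Any:
    """Recursively sanitize nested tool arguments: secret keys are dropped by
    name, strings are scrubbed, containers are walked."""
    if key.lower() in SECRET_KEYS:
        return "<secret>"
    if isinstance(value, dict):
        return {k: sanitize(v, k) for k, v in value.items()}
    if isinstance(value, list):
        return [sanitize(v) for v in value]
    if isinstance(value, str):
        return _scrub_text(value)
    return value


def sanitize_tool_event(event: dict) -> dict:
    """Build the log record for one tool call (assumed event layout: tool, ok,
    ms, prompt, args, result). Prompts and results are never logged raw, only
    fingerprinted; arguments are kept but scrubbed and length-limited."""
    record = {"tool": event.get("tool"), "ok": event.get("ok"), "ms": event.get("ms")}
    for field in ("prompt", "result"):
        if field in event:
            record[field] = _fingerprint(json.dumps(event[field], sort_keys=True))
    if "args" in event:
        record["args"] = sanitize(event["args"])
    return record


def unsafe_debug_settings(config: dict) -> list[str]:
    """Return, sorted, the config keys set to a value the findings flag."""
    return sorted(
        key for key, bad_values in UNSAFE_DEBUG_FLAGS.items()
        if str(config.get(key, "")).lower() in bad_values
    )


if __name__ == "__main__":
    # Constructed sample event: a file read whose arguments carry a credential.
    sample = {
        "tool": "read_file", "ok": False, "ms": 41,
        "prompt": "Summarise the deployment config and report any errors.",
        "args": {"path": "/srv/app/config.yaml", "api_key": "sk-live_0123456789abcdef",
                 "note": "retry with Bearer eyJhbGciOi.payload.sig"},
        "result": "AKIAABCDEFGHIJKLMNOP appears in line 12",
    }
    print(json.dumps(sanitize_tool_event(sample), indent=2))
    print(unsafe_debug_settings({"thinking": "verbose", "reasoning": "on", "log_level": "info"}))
```

The design choice worth noting is that prompts and results are fingerprinted rather than truncated: a truncated prompt still leaks its first hundred characters, while a length and hash let you tell two failing runs apart and match a record to the original stored elsewhere under tighter access control.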

VirusTotal

62/62 vendors flagged this skill as clean.
