Agency Agents

Security checks across malware telemetry and agentic risk

Overview

This is mostly a prompt-only agent bundle, but its install instructions and metadata mix different skill identities and its saved-output behavior is not clearly scoped.

Install only the canonical erong-agents package from a trusted ClawHub or repository source, and do not follow the stale agency-agents quickstart commands unless you intentionally want that different package. Before using agents on proprietary code, customer data, CRM exports, finance data, infrastructure tasks, or social accounts, restrict tool permissions and review any saved output directory for sensitive content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 97%
Finding: The quickstart instructs users to install and invoke a different skill name ('agency-agents') than the manifest name ('erong-agents'). This identity mismatch can cause users to install or run the wrong package, creating supply-chain confusion and making typo-squatting or package substitution attacks more plausible.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding: The manual installation section references a different repository and directory name than the actual skill identity. Users following these steps could clone or copy the wrong project into their skills directory, which is a documentation-driven integrity risk and could lead to execution of unintended code.

Intent-Code Divergence

Severity: Low
Confidence: 92%
Finding: The documented output path uses a contradictory package name, which can misdirect users when locating generated artifacts and logs. While lower severity than install-time confusion, inconsistent paths reduce traceability and may cause users to inspect or trust the wrong workspace contents.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The guide states that agent outputs are automatically saved to disk but does not warn that prompts, model outputs, and potentially sensitive project data may persist in the workspace. In an agent skill that may process proprietary code, credentials, business plans, or customer data, silent persistence creates a meaningful confidentiality and compliance risk.

VirusTotal

66/66 vendors flagged this skill as clean.