Autonomous Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is built for autonomous coding, but it defaults to permission-bypassed unattended execution and persistent looping that users should review carefully before running.

Install only if you intentionally want Claude Code to continue coding unattended. Prefer a disposable or non-production repository, set explicit `--max-sessions` or `--max-iterations`, override `--permission-mode` away from `bypassPermissions` when possible, and review `.autonomous/`, `.claude/autonomous-loop.local.md`, logs, and all generated code before committing or deploying.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (5)

Vague Triggers

Medium
Confidence: 95%
Finding
The invocation guidance uses very broad everyday phrases such as 'run this in the background' and 'keep working on this,' which can cause the skill to activate when the user did not explicitly intend autonomous execution. In this skill's context, unintended activation is more dangerous because it launches long-running unattended workflows that can spawn sessions, modify files, and continue iterating without close user oversight.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill documents creation of tracking directories, logs, lock files, and local hook state, but does not prominently warn users about the persistence, filesystem impact, and operational side effects of autonomous execution. In an autonomous skill, undisclosed background state and logging are more sensitive because they can accumulate data, alter project state, and be difficult for users to notice or clean up.

Missing User Warnings

Medium
Confidence: 98%
Finding
The script defaults autonomous Claude sessions to `bypassPermissions`, which removes the normal approval barrier for potentially sensitive file access or command execution in long-running unattended loops. In this skill's context, that is especially risky because it is explicitly designed for autonomous, multi-session operation, so a bad prompt, prompt injection, or agent mistake can propagate without human review.

Missing User Warnings

Medium
Confidence: 93%
Finding
The script unconditionally writes `.claude/autonomous-loop.local.md`, a persistent state file that activates an autonomous loop in the current workspace, before any explicit confirmation or prominent pre-write warning is shown. In the context of an autonomous background-execution skill, this is more dangerous because the file changes future agent behavior and can cause repeated unattended iteration, surprising users and making unintended persistence harder to notice or stop.

Missing User Warnings

Medium
Confidence: 94%
Finding
The prompt explicitly instructs the agent to create and modify files in both a task directory and the project root without requiring any user-facing confirmation, consent checkpoint, or visible warning about workspace changes. In an autonomous multi-session skill, this increases the chance of unintended file creation, configuration changes, or repository modifications occurring unattended, which makes the behavior materially riskier than a normal read-only planning prompt.

VirusTotal

63/63 vendors flagged this skill as clean.
