Survival Manager

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned, but it understates network/data sharing and leaves broad autonomous activity insufficiently scoped.

Review before installing. Treat this as an autonomous operations assistant that may touch financial records, account-visible data, browser-visible data, messaging services, and model/API spend. Only enable integrations you intend to use, require explicit approval before file writes, external messages, subagent creation, or configuration changes, and do not run referenced scripts unless they are included and separately reviewed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

High
Confidence: 97%
Finding
The skill documentation asserts that all write operations require user authorization, but the included PowerShell examples directly append to files and modify `survival-config.json` without any authorization gate. This mismatch is dangerous because operators may rely on the stated safeguard while the actual workflow enables silent local state changes and file writes, which is especially risky in an autonomous or heartbeat-driven agent context.

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The trust statement says no data is sent to third parties unless explicitly configured, yet the skill describes Telegram notifications and checks of external services such as email, calendar, and Fiverr. Misstating outbound communication behavior can cause users to install or enable the skill under false privacy assumptions, leading to unintended disclosure of operational metadata or content.

Intent-Code Divergence

High
Confidence: 96%
Finding
The External Endpoints section claims local-only execution with no data leaving the machine, but other sections explicitly mention Telegram alerts and external service monitoring. This contradiction is security-relevant because it obscures network exposure and may lead users to permit a skill they believe is offline-only when it can in fact initiate external communications.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger conditions are broad and loosely defined, including routine state changes and anomaly detection, which can cause the skill to activate unexpectedly or too frequently. In an autonomous management skill that performs checks, logging, authorization requests, and potentially external notifications, underspecified triggers increase the chance of unintended actions, noisy automation, or privacy-impacting network activity.

VirusTotal

66/66 vendors flagged this skill as clean.
