Scaffold

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate project scaffolding skill, but it can create local files, store persistent defaults, use local GitHub credentials, and push a new repository, so users should review it before use.

Install only if you want an agent to scaffold full projects, inspect selected existing projects for patterns, write persistent defaults under your home directory, run install/build checks, and potentially create and push a private GitHub repository. Before running it, confirm the target path, project name, GitHub account or org, repository visibility, and whether you want local-only scaffolding before any push.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium, 91% confidence
Finding
The skill instructs the agent to create and push a GitHub repository via a shell command, an external side effect that relies on ambient local credentials and network access. In a scaffolding skill, automatically publishing code is a sensitive action: it can expose generated content or private project metadata unless the push step sits behind its own explicit consent gate, separate from the consent to scaffold.

Vague Triggers

Medium, 87% confidence
Finding
The trigger phrases are broad enough that ordinary requests such as 'create new project' or 'start new app' may invoke a high-impact skill that writes files, initializes git, persists defaults, and may publish to GitHub. Over-broad activation raises the chance that sensitive actions run without the user realizing the full workflow they have started.

Missing User Warnings

Medium, 95% confidence
Finding
The skill reads and writes persistent values in `~/.solo-factory/defaults.yaml`, including organization and developer identifiers, without an explicit warning that the data will be stored for future runs. Writing to the home directory creates cross-session persistence that can surprise users, leak organizational metadata, or cause later scaffolds to inherit unintended defaults.
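The three findings above are the kind of thing you can check locally before installing any skill: does the instruction text publish to a remote, persist state under the home directory, or fire on generic phrases? The script below is an added example written for this page, not part of the skill, SkillSpector or VirusTotal. The sample skill text is constructed to mirror the behaviours the findings describe (it is not the skill's real SKILL.md), and the regex rules, the "generic trigger" list and the `audit`/`requires_consent_gate` names are the example's own assumptions.

```python
import re
from typing import Dict, List

# Constructed sample of skill instructions, modelled on the behaviours the
# findings describe. This is NOT the real SKILL.md of the scaffold skill.
SAMPLE_SKILL = """\
---
name: scaffold
description: Use when the user says "create new project", "start new app", or "scaffold".
---
1. Load defaults from ~/.solo-factory/defaults.yaml (org, developer name).
2. Write the project tree under the target path and run `npm install && npm run build`.
3. Save any new answers back to ~/.solo-factory/defaults.yaml.
4. Confirm `gh auth status` succeeds, then run `gh repo create "$ORG/$NAME" --private --source=. --push`.
"""

# Rules are assumptions chosen for this example: (finding name, pattern, severity).
RULES = [
    ("external-publish", re.compile(r"\b(gh repo create|git push|git remote add)\b"), "medium"),
    # Persistent config written under the home directory (cross-session state).
    ("home-dir-persistence", re.compile(r"(~|\$HOME)/[\w.\-/]+\.(ya?ml|json|toml|env)\b"), "medium"),
    # Use of ambient credentials already present on the machine.
    ("ambient-credentials", re.compile(r"GITHUB_TOKEN|GH_TOKEN|\bgh auth\b|\.netrc|\bcredentials?\b"), "low"),
    ("install-or-build", re.compile(r"\b(npm (install|ci|run)|pip install|make\b|cargo build)"), "low"),
]

# Phrases a user might type without expecting a full scaffold-and-publish run.
GENERIC_TRIGGERS = {"create new project", "start new app", "new project", "scaffold", "init"}


def extract_triggers(text: str) -> List[str]:
    """Pull quoted trigger phrases out of the front-matter description line."""
    m = re.search(r"^description:(.*)$", text, re.M)
    return re.findall(r'"([^"]+)"', m.group(1)) if m else []


def audit(text: str) -> Dict[str, List[str]]:
    """Return {finding name: ["<severity> L<line>: <matched text>", ...]}."""
    findings: Dict[str, List[str]] = {}
    for line_no, line in enumerate(text.splitlines(), 1):
        for name, rx, sev in RULES:
            for hit in rx.finditer(line):
                findings.setdefault(name, []).append(f"{sev} L{line_no}: {hit.group(0)}")
    broad = [t for t in extract_triggers(text) if t.lower() in GENERIC_TRIGGERS]
    if broad:
        findings["vague-trigger"] = [f"medium: {t}" for t in broad]
    return findings


def requires_consent_gate(findings: Dict[str, List[str]]) -> bool:
    """True when the skill publishes externally, i.e. the user should confirm
    org, visibility and local-only mode before the push step is allowed."""
    return "external-publish" in findings


if __name__ == "__main__":
    result = audit(SAMPLE_SKILL)
    for name, hits in sorted(result.items()):
        print(name)
        for h in hits:
            print("  ", h)
    print("needs explicit pre-push confirmation:", requires_consent_gate(result))
```

Run it against a skill's actual SKILL.md (replace `SAMPLE_SKILL` with the file contents) before installing; any `external-publish` or `home-dir-persistence` hit is a prompt to decide on target path, org, repository visibility and local-only mode up front, which is exactly the checklist in the Overview.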

VirusTotal

66/66 vendors flagged this skill as clean. A clean antivirus result covers known-malware signatures only; it does not speak to the capability, trigger and persistence findings above, which concern what the skill is permitted to do rather than whether its files are malicious.
