Ultimate Agent System

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it gives broad instructions for proactive agent behaviour, skill management, agent creation, and persistent memory without clear limits or user controls.

Install only if you are comfortable supervising it closely. Treat skill installation or optimization, agent creation, persistent memory, publishing, repair, rollback, and any local script execution as opt-in actions that should require explicit confirmation each time.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
try:
    # Run the main script
    result = subprocess.run([sys.executable, "scripts/ultimate_system.py"],
                            capture_output=True, text=True, timeout=10)

    if "ULTIMATE SYSTEM REPORT" in result.stdout:
Confidence
82% confidence
Finding
result = subprocess.run([sys.executable, "scripts/ultimate_system.py"], capture_output=True, text=True, timeout=10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
79% confidence
Finding
The skill advertises broad operational capabilities and the analyzer detected environment, filesystem, and shell access, but the manifest shown does not declare permissions or boundaries. Undeclared powerful capabilities reduce user visibility and consent, making it easier for a skill to perform local system actions unexpectedly.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The declared purpose describes a general agent-enhancement system, but the detected behavior includes external command execution, local file creation/deletion, packaging/publishing automation, and performance/process inspection. This mismatch is dangerous because users may approve the skill for benign-seeming assistance while it performs materially more sensitive system-modifying and operational actions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The announcement promotes autonomous behaviors such as health checks, auto-repair, backup/rollback, and persistent conversation storage without clearly disclosing consent, scope, retention, or possible system side effects. In an agent skill context, this can normalize unattended actions over user data or host state, increasing the risk of privacy violations and unintended modifications.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README promotes autonomous behaviors such as heartbeat checks, automatic recommendations, execution of actions, self-optimization, skill updates, and agent creation without clearly warning users that these operations may modify system state, consume resources, or affect files and configurations. In an agent skill context, encouraging proactive and self-modifying behavior without explicit consent boundaries increases the risk of unintended changes to user environments or data.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill uses broad activation language such as daily assistance, proactive problem solving, and crisis handling without clear trigger boundaries or scope limits. In a skill that also appears capable of creating agents, modifying skills, and interacting with the local environment, vague activation criteria can lead to overreach and unintended autonomous actions.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill advertises automatic environment detection, skill installation/optimization, and agent creation, all of which imply system modification, but it does not warn users about those effects or describe safeguards. In context, this increases risk because the skill positions itself as a powerful all-in-one system and normalizes autonomous setup and modification behaviors.

VirusTotal

66/66 vendors flagged this skill as clean.
