Computer Takeover

Security checks across malware telemetry and agentic risk

Overview

This skill is openly a remote-control tool, but it gives an agent broad unattended access to paired devices without enough consent, scoping, or safety controls.

Install only if you deliberately want an agent to administer devices you own or are explicitly authorized to manage. Restrict reachable nodes, require confirmation for shell commands, file changes, installs, process kills, screen/camera capture, notifications, and location access, and make sure pairings and remote actions are logged and revocable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Severity: High
Confidence: 99%
Finding:
The skill’s top-level description explicitly advertises covert surveillance and full remote control features, including screen capture, camera access, shell execution, notification access, and location tracking, without any meaningful privacy, consent, or authorization guardrails. Because it frames these capabilities as normal use without user interaction, it facilitates unauthorized monitoring and takeover of endpoints and materially increases the risk of abuse.

Natural-Language Policy Violations

Severity: Critical
Confidence: 100%
Finding:
The skill repeatedly instructs operators to perform unattended remote control of devices 'without user interaction' and to control the device as if physically present, which is inherently dual-use but presented here in a way that normalizes non-consensual takeover. Combined with shell execution, file access, app installation, process killing, screen and camera capture, this enables full compromise, espionage, persistence, and destructive actions on remote systems.

Missing User Warnings

Severity: High
Confidence: 98%
Finding:
The workflow explicitly tells the operator to view what the remote user is doing via screen recording or live viewing, but provides no privacy notice, consent requirement, or limitation on monitoring scope. In context, this is especially dangerous because it is embedded in a 'full takeover session' flow, making covert observation a built-in operational step rather than an exceptional, authorized support action.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
This reference file provides ready-to-use destructive and surveillance-capable commands for remote execution, including process killing, file deletion, software install/uninstall, screen capture, screen recording, and registry modification, without any warning, authorization requirement, or safety constraints. In the context of a skill explicitly designed for unattended remote control of devices, these examples materially lower the barrier to harmful or unauthorized actions and normalize high-risk behavior.

VirusTotal

65/65 vendors flagged this skill as clean.
