Agent Autonomy Primitives

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about building recurring autonomous agent task loops, but it leaves important safety controls for ongoing execution up to the installer.

Install only if you intentionally want an agent to run from a persistent task queue. Before enabling heartbeat or cron execution, use a private or tightly controlled vault, define which projects and tools the agent may use, require human approval for risky actions, log each run, and set a clear pause or shutdown mechanism. Verify the clawvault npm package and consider pinning or isolating the install.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Session Persistence

Medium
Category: Rogue Agent
Content:
```
5. Check for tasks due within 24h — those get priority
```

For cron-based agents, schedule a recurring job:
```
Schedule: every 30 minutes
Action: Read task queue, pick highest priority, execute, report
```
Confidence: 88%
Finding: schedule a recurring job

VirusTotal

64/64 vendors flagged this skill as clean.
