GSwitch

Security checks across malware telemetry and agentic risk

Overview

GSwitch is a coherent multi-agent engineering workflow, but it normalizes production deployment and persistent shared-memory logging without clear approval, scoping, or data-minimization safeguards.

Install only if you are comfortable with a multi-agent workflow that can write persistent shared notes and proceed toward deployment. Keep shared memory in a dedicated project directory, do not store secrets or sensitive findings there, set run limits, and require explicit human approval before any production deploy or destructive change.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings
Severity: Medium
Confidence: 88%

Finding: The skill explicitly includes a production deployment phase ('/ship - Deploy to production') but does not require explicit user approval, environment verification, rollback planning, or warnings about the impact on live systems and data. In an agentic workflow, normalizing autonomous progression from build/test to deploy increases the chance of unintended production changes, especially because agents are instructed to spawn the next stage automatically.

Missing User Warnings
Severity: Medium
Confidence: 95%

Finding: The skill explicitly instructs the agent to append task details to a shared-memory file using file operations, but it provides no user disclosure, consent boundary, data minimization guidance, or restrictions on what may be written. In an agent setting, this creates a durable cross-task data sink that can expose sensitive project details, file paths, internal findings, or user data to other roles or later runs, increasing the risk of unintended data retention and lateral information leakage.

Missing User Warnings
Severity: Medium
Confidence: 88%

Finding: The role explicitly instructs the agent to append QA results to a shared-memory file on disk, including project file paths, bug counts, issue types, and next steps, without any minimization, consent, or warning about sensitive data handling. In multi-agent or multi-tenant environments, this can create an unintended persistence channel that exposes internal repository structure, testing activity, and potentially security-related findings to other agents or users.

Missing User Warnings
Severity: Medium
Confidence: 95%

Finding: This role explicitly instructs the agent to perform production deployment actions and write to shared memory, but it provides no user-consent gate, environment restriction, or warning about the real-world impact of those actions. In an agentic system, that omission is dangerous because the skill normalizes high-impact operational changes as routine behavior and could enable unintended or unauthorized production modifications.

VirusTotal

65/65 vendors flagged this skill as clean.