letcairn.work

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward installer and usage guide for the Cairn CLI, with expected but persistent setup and automation risks users should understand.

Before installing, verify that you trust the `cairn-work` npm package and publisher, understand that `npm install -g` runs package code with global CLI permissions, and review what `cairn onboard` will create in your home or workspace. Use any execute mode only when you have explicitly authorized the specific workflow and are comfortable with deploy, publish, send, or similar side effects.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The README explicitly defines an `execute` autonomy mode that allows an agent to perform irreversible actions such as deploy, publish, or send, but it does not pair this capability with a strong safety warning, confirmation requirement, or approval gate. In an AI-agent skill context, that omission can normalize high-risk automation and lead users or agents to perform production-affecting actions without sufficient human verification.

Missing User Warnings

Severity: Low
Confidence: 92%
Finding:
The skill instructs users to run `cairn onboard`, which creates `~/cairn/` and auto-generated files in the user's home directory, but it does not clearly warn about these filesystem changes before presenting the command. In an agent skill context, setup commands may be executed with limited user review, so undisclosed writes to a home directory increase the risk of unexpected persistence, workspace pollution, or accidental exposure of agent-readable context files.

VirusTotal

64/64 vendors flagged this skill as clean.
