Perry Coding Agents

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended for remote coding-agent orchestration, but it gives the agent broad remote execution and repository-changing authority with weak safety boundaries.

Install only if you intentionally want your agent to delegate coding work to Perry remote agents. Review each requested dispatch, use trusted host aliases or pinned SSH host keys where possible, and avoid enabling it in sensitive repositories unless you are comfortable with remote background tasks creating branches or PRs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 92%
Finding
The skill description is overly broad and invites use for essentially any coding or PR-related task, which increases the chance the skill is triggered in contexts involving sensitive repositories, destructive changes, or unreviewed remote execution. In this file, that breadth is especially risky because the skill immediately dispatches commands to remote workspaces and can cause code changes and network callbacks without narrowing scope or requiring explicit confirmation.

Missing User Warnings

Medium
Confidence: 95%
Finding
The instructions direct the agent to perform remote SSH execution, background task dispatch, code modification, PR creation, and HTTP callbacks, but provide no user-facing safety warning or approval gate for these system-impacting actions. Because the skill says to 'never code directly — always dispatch to agents' and 'no hard timeouts,' it encourages autonomous remote operations that can materially alter systems and repositories without clear operator awareness.

VirusTotal

63/63 vendors flagged this skill as clean.
