Ultra Agent Stinct

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed coding/debugging helper, but it gives an agent broad automatic authority to edit files, run commands, and start background coding agents without clear user approval gates.

Install only if you want an agent that can actively repair code after failures. Use it in a branch or disposable workspace, require confirmation before file edits, package installs, destructive commands, or background delegation, and review diffs plus spawned-agent logs before accepting changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The skill explicitly authorizes spawning a separate background `claude` process for large tasks, which expands the agent's capabilities from local debugging into autonomous delegation and parallel execution. That creates a clear control-boundary problem: a secondary agent may perform actions with less visibility, weaker user consent, and reduced oversight, increasing the chance of unintended code changes, data exposure, or unsafe command execution.

Intent-Code Divergence

Medium
Confidence: 88%
Finding
The skill is described as an internal self-debugging instinct, but later instructs the system to offload heavy tasks to another `claude` agent. That contradiction obscures the real behavior of the skill and can cause operators or users to underestimate that it enables autonomous delegation beyond the stated purpose.

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The guide explicitly instructs the skill to launch external coding-agent CLIs in the background for 'heavy tasks,' which expands the skill from self-debugging into autonomous delegation. That creates an execution boundary the user may not expect, increases prompt-injection and tool-misuse risk through a second agent, and can lead to uncontrolled code changes or command execution outside the original skill scope.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
Authorizing delegation to tools like Claude Code, Codex, or Aider gives the skill a broader autonomous capability than its stated purpose of internal debugging. In context, this is more dangerous because the skill auto-activates on errors, so routine failures could trigger unapproved delegation to external agents that explore the codebase, run commands, and modify multiple files with limited oversight.

Vague Triggers

Medium
Confidence: 88%
Finding
The README describes the skill as activating automatically whenever the agent encounters errors or unexpected behavior, which is a very broad trigger surface for an internal debugging capability. In an autonomous agent environment, this can cause the skill to engage during routine failures or adversarially induced errors, expanding its influence beyond clearly bounded debugging scenarios and potentially altering behavior across many normal tasks.

Vague Triggers

Medium
Confidence: 84%
Finding
The phrase "Always-on rules apply to every coding task" suggests persistent behavioral override without precise trigger boundaries, making the skill applicable even when no real debugging context exists. In a skill that can influence editing and problem-solving behavior, ambiguous always-on scope increases the risk of unintended invocation, hidden priority over other instructions, and misuse through crafted task conditions.

Vague Triggers

Medium
Confidence: 82%
Finding
The activation condition is extremely broad: it triggers whenever the agent encounters a code error, build failure, stack trace, or unexpected behavior during any task. In practice, that means the skill may activate during many ordinary workflows, causing it to take debugging actions, run commands, or modify files without a narrowly scoped trigger tied to user intent.

VirusTotal

64/64 vendors flagged this skill as clean.