Feature Forge

Security checks across malware telemetry and agentic risk

Overview

Feature Forge appears to be a legitimate coding helper, but it can broadly modify a project and automatically commit changes without a clear approval checkpoint.

Install only if you want an agent to make multi-file code changes in a project repository. Use a clean branch, review the planned file list before execution, inspect generated migrations and API/auth changes carefully, and do not allow it to commit until you have checked the diff.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding: The skill explicitly instructs the agent to create a git commit as part of normal completion, which exceeds the narrowly stated purpose of generating feature code. Automatic repository mutation can hide or legitimize unintended changes, and doing so without an explicit user confirmation reduces auditability and user control.

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding: The workflow directs the agent to stage files and create a conventional commit automatically, which is operational behavior outside code generation itself. This can be abused to persist unintended edits or make review harder by bundling risky changes into a commit the user did not explicitly request.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding: The skill is framed to activate for essentially any feature-description request and then operate autonomously across the stack. That broad trigger scope increases the chance of high-impact actions being taken in contexts where the user expected brainstorming or limited assistance rather than schema, API, UI, and test modifications.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The skill promises autonomous implementation of a 'complete vertical slice' without a clear up-front warning that it may modify many files and potentially alter repository state. This creates a consent problem: users may invoke it expecting design help, but the skill is authorized to perform broad codebase changes.

Missing User Warnings

Severity: High
Confidence: 98%
Finding: The planning protocol tells the agent to identify irreversible steps, but it does not require user approval before creating schema migrations, and the workflow later directs automatic creation of migration files. Database migrations are materially higher risk than ordinary code edits because they can cause destructive or difficult-to-reverse state changes once applied.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: A mandatory instruction to commit changes lacks any confirmation requirement, despite commit creation being a durable repository action. Even if the code changes themselves are acceptable, auto-committing can prematurely finalize incomplete, unsafe, or user-unreviewed modifications.

VirusTotal

62/62 vendors flagged this skill as clean.