ClawHub

Agent Shared Context

Security checks across malware telemetry and agentic risk

Overview

This skill transparently stores local shared notes so multiple agents can coordinate, with no evidence of network access, credential use, or hidden behavior.

Install only if you want agents on the same machine to share local persistent context. Limit write access to trusted agents, do not store secrets or private data in the shared files, and require validation or human review before using shared context to post, engage, moderate, or make business-impacting decisions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill explicitly instructs agents to read from and write to shared files, but it declares no permissions or trust boundaries. In a multi-agent system, this creates an untracked capability for cross-agent influence and data flow, making it easier for one agent or compromised workflow to tamper with another agent's behavior through shared JSON state. The danger is amplified because the skill encourages automatic consumption of shared context before acting.

Session Persistence

Medium
Category
Rogue Agent
Content
name: agent-relay
version: 1.0.0
description: |
  Cross-agent context sharing via shared files. Agents write trends, highlights, 
  and signals to a shared folder. Other agents read before acting — creating 
  coordinated behavior without direct messaging.
  Use when: multi-agent setups need coordination, agents should know what other
Confidence
92% confidence
Finding
write trends, highlights, and signals to a shared folder. Other agents read before acting — creating coordinated behavior without direct messaging. Use when: multi-agent setups need coordinati

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal