AgentFiles

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed AgentFiles CLI wrapper whose publishing, sharing, credential reuse, and watcher features match its stated purpose.

Install only if you trust the AgentFiles CLI/npm package and intend to let your agent use the configured AgentFiles account. Before publishing, sharing, handing off, downloading with -o, changing config, or using watch --exec, confirm the namespace, recipient, artifact ID, local output path, and whether the content contains secrets or private data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium, 89% confidence
Finding
The documented `agentfiles watch -n <namespace> --exec ./script` capability allows execution of an arbitrary local executable in response to external artifact events. In an agent skill whose purpose is artifact management, surfacing this as a normal command expands the trust boundary from data handling into code execution, which can lead to unsafe automation if untrusted namespaces or event content trigger local scripts.

Missing User Warnings

Medium, 83% confidence
Finding
The command list includes operations that write files, publish content, share artifacts, and modify configuration, but it provides no safety guidance about overwriting local files, disclosing sensitive data, or changing auth/config state. In an agent-facing skill, omission of such warnings increases the chance that an automated assistant will perform destructive or privacy-impacting actions without clearly signaling the risk to the user.

VirusTotal

64/64 vendors flagged this skill as clean.