WonderDash

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent GitHub-backed widget manager, but users should handle its SSH key setup and deletion commands carefully.

Install only if you are comfortable giving the agent a dedicated, repository-scoped SSH deploy key for the WonderDash widgets repository. Review changes before pushes, avoid reusing a broad GitHub key, prefer archiving widgets over permanent deletion, and remove ~/.ssh/wonderdash_deploy plus the related SSH config entry if you stop using the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium, 88% confidence
Finding
The skill instructs the agent to persist an SSH private key in the user's home directory and modify SSH configuration on the host. While this may be operationally convenient for GitHub access, it expands the skill's privileges beyond simple widget management and creates a broader credential-handling footprint that could expose reusable repo access if the host or logs are compromised.

Missing User Warnings

Medium, 93% confidence
Finding
The documentation directs the agent to handle and store a private SSH key but provides no warning about secret sensitivity, no guidance to avoid echoing the key into logs, and no cleanup procedure after use. This increases the chance of credential leakage through shell history, transcripts, reused files, or persistent host state.

Missing User Warnings

Medium, 83% confidence
Finding
The skill includes permanent deletion instructions using git rm without any requirement to confirm user intent or warn that history changes will remove widget files from the repository tip. In an agent setting, this can lead to accidental destructive actions from ambiguous prompts or misunderstandings.

VirusTotal

66/66 vendors flagged this skill as clean.