QA Pilot

Security checks across malware telemetry and agentic risk

Overview

QA Pilot is an instruction-only QA methodology skill for agents that test and fix web apps; its testing behavior is broad but disclosed, and no hidden executable payload was found.

Install this only if you want your agent to perform hands-on QA and bug fixing for web/app work. Configure it for local or staging environments, use test credentials and test data, require explicit approval before production or external-service testing, and keep normal review controls around code edits and server startup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers (Medium, 90% confidence)

Finding: The README states the skill activates automatically when configured, but it does not define scope, preconditions, or exclusions. For a skill that can open apps, click through workflows, and automatically fix issues, ambiguous activation can trigger unintended testing or code modifications in contexts the user did not explicitly approve.

Vague Triggers (Medium, 93% confidence)

Finding: The instruction to "Always run QA Pilot testing before marking tasks complete" is a persistent, overly broad directive that can override task-specific risk considerations. In practice, this could cause the agent to perform automated interaction and repeated fix cycles on every project, including sensitive or non-web contexts, increasing the chance of unsafe actions or unintended changes.

Missing User Warnings (Medium, 94% confidence)

Finding: The skill description emphasizes clicking every button, testing edge cases, and automatically fixing issues, but it does not warn users about the operational risks of autonomous interaction and modification. Without clear warnings, users may apply the skill to live systems or sensitive workflows, leading to destructive actions, data changes, or unintended submissions during testing.

VirusTotal

62/62 vendors flagged this skill as clean.