Speckit Coding Agent

Security checks across malware telemetry and agentic risk

Overview

This looks like a real spec-driven development skill, but it also teaches broad unsandboxed and parallel coding-agent workflows that users should review carefully before installing.

Install only if you are comfortable with coding-agent workflows that may modify repositories and run commands. Avoid the documented `--yolo` examples on valuable projects or machines with secrets, prefer sandboxed or approval-gated modes, and confirm where OpenCode/OpenRouter will send project data before using it on private code.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding
The file claims to be a Spec-Driven Development skill, but a large section pivots into generic agent orchestration, background execution, tmux management, repository cloning, and coding-agent operation. This scope expansion is dangerous because users may trust the skill's narrow title and run broadly capable automation that can modify code, review repos, or operate on unrelated directories beyond the spec-kit workflow.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding
The skill documents use of `codex --yolo`, which explicitly disables sandboxing and approvals, allowing unrestricted code execution and file modification. That capability is not justified by the stated purpose of creating specifications and task documents, so it introduces unnecessary risk of destructive changes, secret exposure, or unsafe command execution if followed blindly.

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding
The skill includes instructions for cloning repositories, checking out PRs, creating git worktrees, running parallel tmux sessions, and launching automated issue-fixing agents. These are powerful operational capabilities unrelated to the advertised spec-kit workflow, and they materially increase the chance of unintended code changes, mishandled repositories, or execution in sensitive environments.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The README explicitly recommends `codex --yolo`, which disables sandboxing and approvals, allowing arbitrary file and system modifications with no human confirmation. In a coding-agent skill, this is especially dangerous because users may copy these commands verbatim and grant an LLM broad autonomous execution over a real project or host environment.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The `codex --yolo` example appears as a runnable command without an immediate, explicit warning that it disables sandboxing and approvals. Even though danger is mentioned elsewhere, separating the warning from the command increases the likelihood that users copy-paste a high-risk invocation without understanding the consequences.

VirusTotal

VirusTotal findings are pending for this skill version.