Speckit Swarm

Security checks across malware telemetry and agentic risk

Overview

This skill openly discloses that it is a multi-agent coding orchestrator, but it should be used only where broad file, command, web, and parallel-agent activity is acceptable.

Install only if you want an autonomous coding-orchestration skill that can run commands, edit files, fetch web content, and spawn parallel agents. Use it in a sandboxed or non-sensitive repository, keep platform approval/audit controls enabled for exec/write/network actions where possible, and avoid exposing secrets or private workspaces unless you are comfortable with broad agent access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Severity: Medium
Confidence: 86%
Finding
The documentation presents conflicting activation conditions for parallel execution: early sections say Ultrawork is triggered only by explicit "ulw"/"ultrawork" keywords, while later sections describe automatic parallelization based on task complexity. In an orchestration skill, ambiguous trigger semantics can cause users or downstream agents to invoke multi-agent execution unexpectedly, increasing the chance of unintended actions, excess resource use, or unsafe concurrent changes.

Context-Inappropriate Capability

Severity: Medium
Confidence: 86%
Finding
The persona is described as a research and documentation specialist, but it is granted an `exec` capability alongside search and fetch tools without any role-specific justification or constraints. Giving a broadly scoped command-execution tool to a non-operational research agent increases the chance of prompt-injection-driven command execution, unsafe local inspection, or misuse beyond the intended documentation task.
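The least-privilege check this finding calls for is a static audit of each persona's tool grants against what its role actually needs. The following is an added example, not code from the Speckit Swarm skill or from SkillSpector: the role allowlist, the tool names, the manifest layout and the `justification` field are all assumptions made for illustration, since the skill's real manifest format is not shown on this page.

```python
"""Audit persona tool grants against a per-role allowlist.

Added example, not part of the Speckit Swarm skill or SkillSpector.
Role names, tool names and the sample manifest are constructed here to
illustrate the least-privilege check.
"""

# Assumed allowlist (hypothetical): the tools each role legitimately needs.
ROLE_ALLOWLIST = {
    "research": {"search", "fetch", "read_file"},
    "implementer": {"read_file", "write_file", "exec"},
    "reviewer": {"read_file", "search"},
}

# Tools that must carry an explicit justification even when allowed.
HIGH_RISK_TOOLS = {"exec", "write_file", "fetch"}


def audit_persona(persona: dict) -> list[str]:
    """Return one finding string per problem in a single persona entry.

    Any tool outside the role's allowlist is a finding; high-risk tools
    additionally need a non-empty entry in persona['justification'].
    An unknown role fails closed: nothing is allowed for it.
    """
    name = persona["name"]
    role = persona.get("role")
    granted = set(persona.get("tools", []))
    allowed = ROLE_ALLOWLIST.get(role)
    findings = []
    if allowed is None:
        findings.append(f"{name}: unknown role {role!r}; no tools allowed")
        allowed = set()
    for tool in sorted(granted - allowed):
        findings.append(f"{name}: tool {tool!r} not allowed for role {role!r}")
    justifications = persona.get("justification", {})
    for tool in sorted(granted & HIGH_RISK_TOOLS):
        if not justifications.get(tool):
            findings.append(f"{name}: high-risk tool {tool!r} has no justification")
    return findings


def audit_manifest(manifest: dict) -> list[str]:
    """Audit every persona in a manifest and concatenate the findings."""
    findings = []
    for persona in manifest.get("personas", []):
        findings.extend(audit_persona(persona))
    return findings


# Constructed sample manifest mirroring the finding above: a research
# persona granted exec alongside search and fetch, and an implementer
# persona whose high-risk tools are all justified.
SAMPLE_MANIFEST = {
    "personas": [
        {"name": "researcher", "role": "research",
         "tools": ["search", "fetch", "exec"],
         "justification": {"fetch": "needed to read upstream docs"}},
        {"name": "builder", "role": "implementer",
         "tools": ["read_file", "write_file", "exec"],
         "justification": {"write_file": "applies patches",
                           "exec": "runs the test suite"}},
    ]
}

if __name__ == "__main__":
    for line in audit_manifest(SAMPLE_MANIFEST):
        print(line)
```

Run against the sample manifest, the audit reports two problems for `researcher` (`exec` is outside the research allowlist, and it carries no justification) and nothing for `builder`. The unknown-role branch is deliberately fail-closed so that a typo in a role name cannot silently widen a persona's capabilities.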

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill describes automatic triggering of parallel agent execution from simple keywords like "ulw"/"ultrawork" without a prominent user warning or confirmation step. In practice, this can make users invoke higher-risk multi-agent behavior accidentally, leading to unreviewed parallel actions, increased token/tool consumption, and a larger attack surface if tasks are delegated broadly.

Natural-Language Policy Violations

Severity: Medium
Confidence: 91%
Finding
The concurrency checker relies on hard-coded Portuguese task phrases to decide whether parallel execution is safe, but there is no documented locale restriction or fallback for other languages. In a multilingual environment, English or other non-Portuguese tasks may be misclassified as safe by default, causing unsafe parallelization decisions and potential file/resource conflicts.
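The defect described here is a fail-open default: a checker that only knows Portuguese phrases reports every non-Portuguese task as safe because nothing matches. The following added example (not the skill's own code) puts that fail-open checker next to a fail-closed one that parallelizes only when a task is positively classified. The phrase table, the marker-word language heuristic and the sample tasks are constructed for illustration; the skill's actual phrase list is not shown on this page, and a real deployment would use an explicit locale setting or a proper language identifier rather than the marker heuristic.

```python
"""Concurrency-safety check: fail-open vs fail-closed.

Added example, not code from the Speckit Swarm skill. The Portuguese
phrase table, the language heuristic and the sample tasks are
constructed for illustration.
"""
import re
from typing import Optional

# Assumed phrase table (hypothetical): a task containing one of these is
# treated as unsafe to run concurrently with other agents.
UNSAFE_PHRASES_PT = ("criar arquivo", "modificar", "inicializar projeto", "remover")

# Portuguese function words that rarely occur as English words; used
# only as a crude, illustrative language check.
PT_MARKERS = {"o", "os", "um", "uma", "de", "da", "das", "dos",
              "para", "com", "e", "não", "em", "que"}


def is_parallel_safe_fail_open(task: str) -> bool:
    """Original-style check: unsafe only if a known Portuguese phrase matches.

    A task written in any other language matches nothing and is
    therefore reported as safe, which is the defect in the finding.
    """
    text = task.lower()
    return not any(phrase in text for phrase in UNSAFE_PHRASES_PT)


def looks_portuguese(task: str) -> bool:
    """Return True if at least 20% of the words are Portuguese markers."""
    words = re.findall(r"[a-záéíóúãõâêôç]+", task.lower())
    if not words:
        return False
    hits = sum(1 for w in words if w in PT_MARKERS)
    return hits / len(words) >= 0.2


def is_parallel_safe_fail_closed(task: str, declared_locale: Optional[str] = None) -> bool:
    """Hardened check: parallelize only when the task is positively classified.

    The phrase table only covers Portuguese, so a task whose locale is
    neither declared as 'pt' nor detected as Portuguese is reported
    unsafe and should fall back to sequential execution (or a prompt).
    """
    locale = declared_locale or ("pt" if looks_portuguese(task) else None)
    if locale != "pt":
        return False
    return is_parallel_safe_fail_open(task)


# Constructed sample tasks.
SAMPLE_TASKS = [
    "Criar arquivo de configuração para o projeto",        # PT, writes files
    "Listar os módulos e os testes do projeto",            # PT, read-only
    "Create the config file and initialize the project",   # EN, writes files
]


def compare(tasks=SAMPLE_TASKS) -> dict:
    """Map each task to (fail_open_verdict, fail_closed_verdict)."""
    return {t: (is_parallel_safe_fail_open(t), is_parallel_safe_fail_closed(t))
            for t in tasks}


if __name__ == "__main__":
    print("open  closed task")
    for task, (open_v, closed_v) in compare().items():
        print(f"{open_v!s:5} {closed_v!s:6} {task}")
```

The third sample task is the case the finding describes: it creates files and initializes a project, yet the fail-open checker reports it safe because it is written in English. The fail-closed version refuses to parallelize it, at the cost of also refusing tasks in languages the phrase table does not cover, which is the correct trade-off when the alternative is concurrent writes to the same files.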

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The persona explicitly grants an autonomous agent access to file operations and web research tools while instructing it to proceed independently and complete tasks without waiting for guidance. In the absence of user-facing disclosure, scoped permissions, or approval gates, this increases the risk of unintended filesystem modification, data exposure, or external data retrieval that the user did not anticipate.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The module is explicitly designed to auto-detect 'complex' user tasks and prepare parallel execution without any user confirmation, approval gate, or scope restriction. In an agent environment, this can expand a single prompt into multiple autonomous subtasks that may create files, initialize projects, or make broad changes, increasing the chance of unintended or excessive actions from ambiguous input.
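Both this finding and the earlier one on keyword triggers come down to the same missing control: parallel multi-agent execution is entered without a confirmation step, whether the trigger is an explicit "ulw"/"ultrawork" keyword or an automatic complexity judgement. The following added example (not the skill's own code) shows a fail-closed approval gate in front of the parallel path. The keywords are the ones named in the findings; the action-verb complexity heuristic, the `Plan` structure and the confirmation callback are constructed for illustration.

```python
"""Approval gate in front of parallel (multi-agent) execution.

Added example, not code from the Speckit Swarm skill. The trigger
keywords come from the findings above; the complexity heuristic, the
Plan structure and the confirmation callback are constructed here.
"""
import re
from dataclasses import dataclass
from typing import Callable

TRIGGER_KEYWORDS = {"ulw", "ultrawork"}

# Assumed heuristic (hypothetical): a task naming two or more distinct
# actions is 'complex' enough to be considered for parallel execution.
ACTION_VERBS = {"create", "initialize", "write", "refactor", "delete", "deploy", "migrate"}


@dataclass
class Plan:
    task: str
    parallel: bool
    reason: str


def detect_parallel_trigger(task: str) -> tuple[bool, str]:
    """Decide whether a task asks for parallel execution and say why.

    Matching is done on whole words, so 'ultraworkflow' does not
    accidentally trigger on the 'ultrawork' keyword.
    """
    words = set(re.findall(r"[a-z]+", task.lower()))
    explicit = TRIGGER_KEYWORDS & words
    if explicit:
        return True, f"explicit keyword {sorted(explicit)[0]!r}"
    verbs = ACTION_VERBS & words
    if len(verbs) >= 2:
        return True, f"complexity heuristic: {len(verbs)} distinct actions"
    return False, "single-step task"


def plan_task(task: str, confirm: Callable[[str], bool]) -> Plan:
    """Build a plan; the parallel path requires an explicit approval.

    The gate is fail-closed: unless the confirmation callback returns
    exactly True, the task is planned for sequential execution. The
    prompt states what sub-agents will be allowed to do so the user is
    approving the capability, not just the word 'parallel'.
    """
    wants_parallel, reason = detect_parallel_trigger(task)
    if not wants_parallel:
        return Plan(task, False, reason)
    prompt = (f"Parallel multi-agent execution requested ({reason}). "
              "Sub-agents may create or modify files, run commands and fetch "
              "web content. Proceed? [y/N] ")
    if confirm(prompt) is True:
        return Plan(task, True, reason + " (approved)")
    return Plan(task, False, reason + " (declined, running sequentially)")


def ask_user(prompt: str) -> bool:
    """Interactive confirmation; anything but 'y' counts as a decline."""
    return input(prompt).strip().lower() == "y"


if __name__ == "__main__":
    for task in ("ulw refactor the auth module",
                 "create the repo and initialize the project",
                 "fix the typo in README"):
        plan = plan_task(task, ask_user)
        print(f"parallel={plan.parallel}: {plan.reason}")
```

The callback design keeps the gate testable and lets the host platform substitute its own approval UI or policy (for example, auto-declining in CI). Because a decline downgrades to sequential execution rather than aborting, the user loses nothing by saying no, which is what makes the default of "N" acceptable.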

VirusTotal

No VirusTotal findings