BMAD Orchestrator

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent BMAD orchestration purpose, but it gives a remote coding agent broad automated authority with safeguards bypassed and persistent monitoring under-scoped.

Install only if you intentionally want OpenClaw to coordinate a remote Claude Code session that can modify and commit project code. Use a disposable VM or least-privileged account, run on a separate branch or clone, avoid permission-bypass modes unless you explicitly accept the risk, review commits before merging, and confirm any tmux sessions or cron monitors are removed when work finishes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding
The documentation explicitly instructs launching Claude Code with `--dangerously-skip-permissions`, which disables an important safety boundary before interacting with a project in an automated tmux session. In this skill’s context, that is especially risky because the orchestrator is designed to drive implementation workflows remotely over SSH, so a mistaken, prompt-injected, or unsafe command could execute or modify files without normal approval gates.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill instructs the agent to perform implementation, code review, commits, tmux command execution, and periodic monitoring on a dev VM, but it does not require an explicit user confirmation or warning before system-modifying actions begin. In an agentic environment, this can lead to unintended code changes, process creation, cron installation, or other side effects being carried out based on ambiguous user intent.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The file not only documents skipping Claude Code permission checks, but also automates accepting permissions via simulated keypresses without any warning about the security consequences. That combination normalizes bypassing safeguards and makes the skill more dangerous in practice, because users may adopt the pattern as a default for remote agent orchestration where the blast radius includes the target VM and project files.

VirusTotal

64/64 vendors flagged this skill as clean.