Cli Tool Template

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only CLI development template, but it gives the agent broad persistent memory and proactive workspace-change behavior that users should review before use.

Install only if you want an agent workspace that keeps local memory and may do proactive development checks. Before using it, edit AGENTS.md and HEARTBEAT.md to require approval for memory writes, refactors, documentation changes, and any heartbeat-driven work you do not want happening automatically.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Description-Behavior Mismatch

Severity: Medium
Confidence: 94%
Finding
The template directs the agent to create and maintain persistent cross-session memory files and treat them as continuity/state, which exceeds a normal CLI project scaffold. This creates unnecessary retention of user/project context and increases the chance of storing sensitive data or acting on stale instructions across sessions without explicit user consent.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
The heartbeat and proactive monitoring sections instruct the agent to perform recurring background checks, update files, and reach out autonomously, behavior unrelated to a simple CLI development template. In an agent setting, this can normalize unsupervised actions, increase access to project data, and trigger communications or file modifications the user did not request.

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding
The instructions explicitly authorize reading, editing, and maintaining long-term memory containing personal context, while claiming it is for security, despite this not being necessary for a CLI tooling template. That combination is risky because it encourages handling potentially sensitive data and normalizes broad access to personal information within the workspace.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding
The instruction 'Don't ask permission. Just do it.' broadly overrides normal confirmation boundaries and can cause the agent to take actions before the user understands or approves them. Even though later sections add some limits, this phrase creates an unsafe default toward autonomy and may be followed in ambiguous situations.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The template encourages creating daily memory files and a long-term memory file to record decisions and context, but does not present a clear user-facing warning or consent mechanism for persistent storage of information. This can lead to silent retention of user data, project details, or other sensitive context beyond what is necessary for CLI development.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding
The heartbeat/check cadence is left as a placeholder rather than a concrete schedule, so the monitoring behavior is undefined and may never be triggered consistently. In a workflow skill, ambiguous activation conditions can cause missed quality, testing, and bug-review steps, reducing assurance and allowing regressions or risky changes to go unnoticed.

VirusTotal

64/64 vendors flagged this skill as clean.