Whatisagent

Security checks across malware telemetry and agentic risk

Overview

The skill appears to add broad standing workflow rules and automatic documentation writes beyond its stated explanatory purpose.

Review this skill carefully before installing. It does not show clear malicious behavior, but it may cause agents to create or modify documentation files across projects even when the task did not call for that. Use only if you want those standing workflow rules, and prefer a version that makes handoff logging opt-in and scoped to specific workspaces.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium (95% confidence)
Finding
The skill claims to explain agent identity and memory, but it also installs global standing orders that override normal task scoping by requiring handoff files, planning workflows, and pervasive code annotations on every project. This is dangerous because a seemingly informational skill can covertly alter agent behavior across unrelated tasks, causing unauthorized file changes, policy drift, and reduced user control over execution.

Missing User Warnings

Medium (96% confidence)
Finding
The skill directs the agent to ensure every touched directory has a handoff document and to update it whenever files change, but it does not prominently disclose that this causes automatic writes across the filesystem. Hidden side effects are dangerous because they can lead to unauthorized repository modifications, noisy commits, accidental leakage into docs, and user surprise during otherwise read-only or narrowly scoped tasks.

Missing User Warnings

Medium (97% confidence)
Finding
Mandating a record after every file operation broadens the write scope to virtually any create, delete, move, or modify action, creating recursive and unnecessary file churn. In context, this is more dangerous because the skill presents these behaviors as universal standing orders, which can silently transform simple tasks into widespread documentation edits and increase the chance of policy violations or operational disruption.

VirusTotal

65/65 vendors flagged this skill as clean.