Forge

Security checks across malware telemetry and agentic risk

Overview

Forge is a coherent autonomous testing and fixing skill, but it gives an agent broad authority to run project commands, change code, seed real backends, and create local commits without strong approval boundaries.

Install only if you intentionally want an agent to run builds, tests, migrations, real API seeding, code edits, local commits, and persistent learning for a repository. Start with verify-only mode, use a clean disposable branch or worktree, confirm forge.config.yaml and discovered commands, use only local non-production services and data, and review diffs, commits, logs, and memory state before trusting autonomous mode.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Missing User Warnings

Medium
Confidence: 90%
Finding
The changelog explicitly advertises an Auto-Committer that stages files and creates commits as part of an autonomous execution loop, but it does not mention any approval gate, dry-run default, or user warning before repository mutations occur. In an agent skill context, silent autonomous code changes increase the risk of unintended, unsafe, or security-relevant modifications being persisted without meaningful human review.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documented confidence-tiered fix system allows Platinum and Gold fixes to be auto-applied immediately or with minimal friction, which means code can be changed without review based solely on heuristic confidence. In a security-sensitive development environment, this creates a pathway for flawed fixes, unsafe transformations, or attacker-influenced changes to be introduced automatically and then potentially propagated by later automation.

Missing User Warnings

Medium
Confidence: 94%
Finding
The README explicitly states the skill will 'verify, test, fix, and commit — continuously' but does not prominently warn that it can modify repository contents and create commits automatically. In an autonomous coding tool, undocumented write/commit behavior can surprise users, cause unintended source changes, and persist risky or broken edits into version history.

Missing User Warnings

Medium
Confidence: 97%
Finding
The Quick Start instructs users to run `/forge --autonomous --context payments` without any adjacent notice that this mode may execute tests, apply fixes, and commit changes. Because Quick Start commands are commonly copied verbatim, this omission increases the likelihood of accidental repository modification or disruptive execution in a real environment.

Missing User Warnings

Medium
Confidence: 90%
Finding
The README advertises 'chaos/resilience testing with controlled failure injection' without warning about possible service disruption, corrupted test data, or impact if pointed at shared or production-like environments. In this skill's context, autonomous execution plus failure injection makes the omission more dangerous because users may assume the feature is safe to run anywhere.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill is designed to generate specs, write files, and apply code fixes, but the top-level description does not clearly warn users that repository files will be modified automatically. That omission can lead users to invoke the skill in sensitive repos without informed consent, increasing the chance of unintended code changes or corruption.

Missing User Warnings

High
Confidence: 98%
Finding
Forge starts backend services, copies environment files, runs migrations, checks health endpoints, and seeds data against a real backend, yet the skill description does not prominently warn that it will execute potentially destructive operations on live-like systems. In a real repository, this could alter databases, consume credentials, or affect connected services if the environment is misconfigured.

Missing User Warnings

Medium
Confidence: 95%
Finding
Automatic local commits materially change repository state and can complicate audits, trigger downstream automation, or preserve unsafe changes if users are unaware this behavior exists. Because this capability is not clearly surfaced in the skill description, users may invoke Forge expecting analysis/testing only.

VirusTotal

63/63 vendors flagged this skill as clean.