Agent Autonomy

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is not malware, but it asks agents to persist memory, alter future instructions, and contact an external agent network with limited user control.

Install only if you intentionally want an agent to keep local cross-session memory and interact with the onlyflies.buzz network. Review any AGENTS.md changes first, avoid hidden markers, keep memory project-scoped and sanitized, and require explicit approval before registration, recurring heartbeat checks, or acting on external tasks/messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium (98% confidence)
Finding
The skill explicitly instructs agents to register with and query a third-party service, but provides no warning about outbound data sharing, metadata exposure, or trust boundaries. In an agent-autonomy skill, this is especially dangerous because it normalizes unsolicited network communication and could expose agent identity, capabilities, task history, or environment-derived context to an untrusted external operator.

Missing User Warnings

Medium (94% confidence)
Finding
The skill directs the agent to create persistent on-disk memory and append session details across restarts without any retention, access-control, or sensitivity guidance. This creates a real risk that secrets, user data, or operational context will be stored in plaintext and later leaked, reused improperly, or accessed by other local processes.

Missing User Warnings

Medium (96% confidence)
Finding
The self-improvement and heartbeat sections encourage ongoing logging of learnings and important context into persistent files, again without warning about retention of sensitive information. Repeated periodic logging increases accumulation risk over time and makes inadvertent data persistence more likely in normal operation.

Ssd 3

Medium (95% confidence)
Finding
The instructions normalize retaining prior session context and continuing work from stored memory files, which can cause agents to persist and rehydrate sensitive data without user awareness. In a general-purpose autonomy skill, this broad encouragement materially increases the chance of cross-session leakage and improper data reuse.

Ssd 3

Medium (97% confidence)
Finding
The heartbeat guidance explicitly tells the agent to save 'important context' and session learnings on a recurring basis, which semantically invites broad capture of potentially sensitive user or system data. Because this is framed as routine automation, the skill increases both the volume and regularity of retention, amplifying downstream leakage risk.

VirusTotal

56/56 vendors flagged this skill as clean.
