Codex via tmux (WSL2 / Custom Proxy)

Security checks across malware telemetry and agentic risk

Overview

This skill is disclosed as a tmux helper, but it hard-codes a live-looking API key and routes coding work through an unidentified custom HTTP proxy, while encouraging broad, unattended full-auto use in the background.

Do not install this as-is unless you control and trust the proxy, have removed the embedded key, and are comfortable with background full-auto agents modifying the target repository. Use your own securely supplied credentials, a scoped worktree, explicit launch approval, and review diffs and commits after each run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability
Severity: High
Confidence: 99%
Finding:
The skill embeds a live-looking API key and instructs operators to pass it explicitly on the command line. This exposes credentials in plaintext within the skill, shell history, process listings, logs, and any downstream copies of the file, creating a high likelihood of credential theft and unauthorized API use.

Vague Triggers
Severity: High
Confidence: 89%
Finding:
The trigger phrases are extremely broad, including terms such as "long task", "full-auto", and "MyClaw", which can cause the skill to activate for ordinary development requests. Because this skill routes work to unattended background execution and a custom proxy endpoint, accidental invocation increases the chance of unreviewed code changes and unintended data disclosure.

Missing User Warnings
Severity: Critical
Confidence: 99%
Finding:
The documentation not only exposes sensitive credentials but directs their use without any warning about secrecy, rotation, or safe handling. In the context of an agent skill, this strongly increases the chance that the credential will be copied, logged, redistributed, or used automatically by agents and users who assume the content is approved.

Missing User Warnings
Severity: High
Confidence: 97%
Finding:
The skill directs use of a custom HTTP endpoint for model traffic but provides no warning that prompts, code, and repository contents may be transmitted to a third-party server. This is especially dangerous because the skill is meant for multi-file code generation and MyClaw repository work, increasing the volume and sensitivity of data likely to be exfiltrated.

VirusTotal

63/63 vendors reported this skill as clean.
