Agency

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only agency workflow skill that stores client and project records locally, which is expected for its purpose but should be handled carefully.

Install only if you are comfortable keeping agency records in ~/agency/. Treat that folder as sensitive: limit what you store, avoid secrets and unnecessary personal data, protect access to the directory, periodically delete stale records, and keep the built-in human-approval rule for client communications and proposals.
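The hygiene the overview asks for (owner-only access to the records directory, periodic deletion of stale records, no secrets or unnecessary personal data in client files) can be checked mechanically rather than left to memory. The POSIX shell script below is an added example written for this page; it is not part of the Agency skill or of SkillSpector. It takes the records directory as an argument (the skill's default is ~/agency/), and the 365-day staleness threshold and the credential and e-mail patterns it greps for are illustrative assumptions, not a complete scanner. The same checks address what the "Missing User Warnings" findings further down ask for: data minimization, retention limits and storage protection.

```shell
#!/bin/sh
# Added example for this page, not code from the Agency skill or SkillSpector.
# Hygiene checks for the local records directory the skill keeps under
# ~/agency/. The directory is passed in as an argument so the checks can be
# run against any path. Assumes POSIX sh with find, grep and chmod.

# Make the directory and everything under it owner-only (0700 dirs, 0600 files).
harden_records_dir() {
  dir="$1"
  chmod 700 "$dir" || return 1
  find "$dir" -type d -exec chmod 700 {} + || return 1
  find "$dir" -type f -exec chmod 600 {} + || return 1
}

# Print files still readable, writable or executable by group or others.
# Uses only POSIX "-perm -mode" tests so it behaves the same on GNU and BSD find.
find_shared_files() {
  find "$1" -type f \( -perm -g+r -o -perm -g+w -o -perm -g+x \
                       -o -perm -o+r -o -perm -o+w -o -perm -o+x \)
}

# Print records not modified for more than $2 days: candidates for deletion.
find_stale_records() {
  find "$1" -type f -mtime +"$2"
}

# Print files containing data that should not sit in agency records:
# credential-shaped strings and personal contact details. The patterns
# (AWS access key IDs, PEM private keys, "password =" assignments,
# e-mail addresses) are illustrative assumptions, not a complete scanner.
find_sensitive_records() {
  pattern='AKIA[0-9A-Z]{16}|-----BEGIN [A-Z ]*PRIVATE KEY-----|[Pp]assword[[:space:]]*[:=]|[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}'
  # grep exits 1 when nothing matches, which is the good case here.
  find "$1" -type f -exec grep -lE "$pattern" {} + || true
}

# Tighten permissions, then report anything that still needs a human decision.
# Returns 0 when nothing was flagged, 1 when something was, 2 if hardening failed.
audit_records_dir() {
  dir="$1"; days="${2:-365}"
  harden_records_dir "$dir" || return 2
  status=0
  shared=$(find_shared_files "$dir")
  stale=$(find_stale_records "$dir" "$days")
  sensitive=$(find_sensitive_records "$dir")
  [ -n "$shared" ] && { printf 'still shared with group/others:\n%s\n' "$shared"; status=1; }
  [ -n "$stale" ] && { printf 'not touched in %s days (review for deletion):\n%s\n' "$days" "$stale"; status=1; }
  [ -n "$sensitive" ] && { printf 'possible secrets or personal data:\n%s\n' "$sensitive"; status=1; }
  return "$status"
}

# Usage: sh agency_audit.sh ~/agency [days]
if [ -n "${1:-}" ]; then
  audit_records_dir "$1" "${2:-365}"
fi
```

Run it from a cron job or before each session; a non-zero exit means a record needs a human look, which fits the skill's own human-approval rule. The permission fix is applied unconditionally because there is no legitimate reason for client records to be group- or world-readable, while stale and sensitive files are only reported, since deleting or redacting them is a decision the operator should make.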

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Vague Triggers

Medium
Confidence: 91%
Finding
The skill's invocation criteria are very broad and could cause it to activate in many generic business, consulting, or planning conversations without clear user intent to use an agency-management workflow. Overbroad triggering is risky because it can lead the agent to create business records, organize client data, or steer workflows in contexts where the user did not explicitly request those actions.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill defines a persistent local workspace under ~/agency/ and describes maintaining client, project, template, and knowledge files there, but does not warn the user that local file writes and retention will occur. This is dangerous because users may unknowingly store sensitive client and business information on disk, creating privacy, confidentiality, and data-retention risks.

Missing User Warnings

Medium
Confidence: 96%
Finding
The client intake flow explicitly includes creating a client folder after extracting scope, budget, and timeline, yet it gives no warning that potentially sensitive client information will be stored locally. In the context of an agency skill, this is more dangerous because client briefs often contain confidential business plans, contact details, commercial terms, and other sensitive material that may trigger contractual or regulatory obligations.

Missing User Warnings

Medium
Confidence: 93%
Finding
The guidance instructs operators to store client names, project details, duration, and revenue in local knowledge files, but it provides no safeguards for personal data, confidential business information, retention, or access control. In an agency context, these records can contain sensitive client and commercial data, so normalizing unrestricted local storage increases the risk of privacy violations, unauthorized access, and accidental disclosure.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill directs users to request and record client feedback in client files without any guidance on consent, sensitivity, minimization, or who may access that feedback. Client feedback often includes personal opinions, names, performance assessments, or commercially sensitive statements, so storing it casually can create privacy, confidentiality, and compliance exposure.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs creation of client records containing personal data such as names, emails, interaction history, and stakeholder details, but provides no privacy notice, data minimization guidance, retention limits, or storage protection requirements. In an agency context this is realistically used on real client data, so the omission increases risk of unnecessary collection, improper local storage, compliance violations, and exposure of sensitive business or personal information.

VirusTotal

64/64 vendors flagged this skill as clean. Note that an antivirus verdict covers only the packaged files; for an instruction-only skill it says nothing about the prompt-injection or data-handling risks listed in the findings above.
