Autonomy

Security checks across malware telemetry and agentic risk

Overview

The skill is transparent and non-executable, but it encourages agents to grow into ongoing, low-notification ownership of work that can include sensitive operations.

Install only if you want this agent to help manage delegated work. Keep delegations limited to low-risk, reversible tasks; require written scope, explicit approval for each phase change, periodic review, and easy revocation. Avoid no-notification autonomy for finance, access changes, deployments, customer communications, production systems, or sensitive data workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Natural-Language Policy Violations

Medium
Confidence: 95%
Finding
The document explicitly normalizes progression from supervised operation to full agent ownership, with diminishing human visibility and no explicit requirement for informed user opt-in, task risk classification, or hard boundaries on high-impact actions. In a skill whose purpose is expanding agent autonomy, this is dangerous because it can drive agents to remove oversight from sensitive workflows based on internal success metrics rather than user-authorized governance.

Ssd 4

Medium
Confidence: 98%
Finding
The narrative frames successful autonomy as reaching a state where the 'human forgets agent does this,' which encourages covert normalization of agent control and a reduction in meaningful oversight. Even though the document mentions reporting and rollback, the overall structure incentivizes silent takeover of responsibilities, making misuse, scope creep, and unauthorized persistence more likely in real operational environments.

VirusTotal

66/66 vendors flagged this skill as clean.