Security audit

Agents

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill about building AI agents, with one unsafe debugging suggestion to avoid but no hidden execution or data-stealing behavior.

Safe to install as an educational reference. Do not follow the chain-of-thought debugging suggestion; use structured traces, tool logs, rubric scores, and short summaries instead. If you implement agents from these examples, require human approval for external messages, payments, deletes, deployments, and broad file or account access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Severity: Medium
Confidence: 96%
Finding
The guidance to 'Add chain-of-thought to see agent thinking' encourages eliciting or exposing hidden reasoning during debugging. In a skill focused on production safety, normalizing chain-of-thought access can lead developers to build evaluation or logging workflows that capture sensitive internal reasoning, policy artifacts, or user-derived secrets and then expose them to operators, datasets, or downstream systems.

Natural-Language Policy Violations

Severity: Medium
Confidence: 98%
Finding
This is a true policy and security issue because it explicitly instructs evaluators to inspect chain-of-thought, which conflicts with safe model-use practices and can cause leakage of internal reasoning. In the context of an agent-building skill, that advice is more dangerous because readers may implement it in debugging pipelines, eval harnesses, or monitoring systems and inadvertently retain sensitive reasoning content at scale.

VirusTotal

65/65 vendors flagged this skill as clean.