GStack Dev Workflow

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only development workflow, but it gives agents broad authority to edit code, commit, use a browser, push to remotes, and open PRs without clear confirmation gates.

Install only if you want an agentic coding workflow that may modify files and interact with git. Before use, tell the agent to pause before commits, browser actions on non-local systems, git pull/rebase, git push, opening PRs, or any deploy-like step; confirm the repo, branch, remote, diff, and commit message first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Severity: Medium | Confidence: 94%
Finding:
The Ship Prompt explicitly instructs a subagent to perform state-changing repository actions such as `git pull --rebase`, `git push`, and opening a PR, culminating in 'One command to production.' That goes beyond passive workflow guidance and authorizes an agent to change remote state and advance code toward deployment, which is dangerous if the agent is operating on unreviewed or attacker-influenced changes.

Context-Inappropriate Capability

Severity: Medium | Confidence: 91%
Finding:
The Test Prompt allows the QA subagent to fix bugs during testing, create atomic commits, and write regression tests. This grants a testing-oriented agent implementation and version-control authority, increasing the chance that a malformed prompt or adversarial test target could induce unintended code changes or commits without adequate review separation.

Context-Inappropriate Capability

Severity: Low | Confidence: 84%
Finding:
The Build Prompt instructs the implementer subagent to commit code atomically per milestone with descriptive commit messages. While common in developer workflows, this still gives an autonomous agent permission to mutate repository history and persist changes, which can be abused or can prematurely record unsafe code before human review.

Vague Triggers

Severity: Medium | Confidence: 92%
Finding:
The trigger phrases are broad enough to match many ordinary software-help requests, which increases the chance this skill is invoked when the user did not explicitly ask for a multi-phase workflow with subagents. That matters because the skill includes downstream actions like browser-based testing and ship/push steps, so over-triggering can steer the agent into higher-risk operational behavior than the user intended.

Missing User Warnings

Severity: Medium | Confidence: 95%
Finding:
The skill instructs browser-driven testing and git sync/push/PR actions without explicit safety boundaries, dry-run defaults, or confirmation requirements before touching external systems. In context, this is more dangerous because the skill is a general-purpose development workflow likely to be triggered on routine requests, so an agent could navigate real apps, mutate state, or push code remotely without sufficiently informed user consent.

VirusTotal

66/66 vendors flagged this skill as clean.