Parallel Agents

Security checks across malware telemetry and agentic risk

Overview

This skill openly creates parallel AI sub-agents, but those agents inherit host-level tools and access without clear containment or approval boundaries.

Install only if you are comfortable with child agents inheriting the host agent's available tools and context. Use it in low-risk or sandboxed workspaces, keep concurrency and retries small, avoid production credentials and destructive tools, redact private code and secrets before passing tasks, monitor spawned sessions, and be deliberate before saving raw results to disk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The README explicitly states that each spawned agent has the same tools and access as the host, but it does not warn users that this effectively multiplies privileged execution and can expose user data, secrets, files, and destructive system capabilities across several independent AI sessions. In this context, parallel spawning increases the blast radius of prompt injection, mis-execution, and data exfiltration because multiple agents can act concurrently with host-equivalent permissions.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The documentation explicitly states that spawned sub-sessions are able to use all the same tools as the host, but it does not pair that capability with a clear safety warning, approval boundary, or least-privilege guidance. This is dangerous because users may treat sub-agents as harmless helpers when they actually inherit powerful tool access and can act autonomously on external systems, files, or network resources.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The guide includes an example that reads local source code and sends its full contents to multiple spawned agents for review without any warning about confidentiality, minimization, or authorization. In practice, users may copy this pattern and unintentionally disclose proprietary code, secrets, embedded credentials, or regulated data to additional model-backed sessions, expanding the data exposure surface.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The orchestrator spawns sub-sessions with prompts derived from task_description and input_data, while the module documentation states spawned agents can use the same tools as the host session. Without in-code guardrails, tool restrictions, allowlists, or trust boundaries, untrusted task content can cause child agents to exercise powerful host-equivalent capabilities, leading to prompt-injection-driven misuse, sensitive data access, or destructive actions.

VirusTotal

64/64 vendors flagged this skill as clean.
