Security audit

Autonomous Research

Security checks across malware telemetry and agentic risk

Overview

This research skill is purpose-related but needs review because it can launch a broad autonomous command pipeline with auto-approval, local or SSH experiment execution, and weak command/input scoping.

Install only if you are comfortable running a long autonomous research workflow. Prefer environment variables for API keys, start in simulated mode, keep manual approvals enabled, verify the researchclaw executable source before use, avoid SSH mode unless you control the host and credentials, and do not submit confidential research topics unless third-party API and local retention behavior are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The top-level description understates the skill's operational risk by presenting it as a paper-generation orchestrator while the implementation can invoke an external CLI with sandbox and SSH remote execution modes. This kind of misleading disclosure can cause operators or reviewers to grant trust they would not otherwise give, especially when combined with long-running autonomous execution.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
The exposed mode option explicitly includes 'ssh_remote', enabling the underlying pipeline to run commands on remote systems. In a skill context, unaudited remote execution materially expands the blast radius to remote hosts, credentials, data, and network resources, especially since there is no visible allowlist, host validation, or approval gating in this file.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.