Back to skill

Security audit

Clawdhub Copy

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed ClawdHub CLI wrapper, but it gives an agent broad ability to install, force-update, bulk-update, and publish skills without enough guardrail language.

Install only if you want an agent to manage ClawdHub skills. Require explicit approval before any install, update, `update --all`, `--force`, `--no-input`, login, or publish command; review the target directory and registry, prefer pinned versions, and publish only folders you have checked for sensitive content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill explicitly instructs users to install and publish software via npm and the ClawdHub CLI, which can modify the local environment and skill directories, but it does not warn about these side effects or advise verification before use. In a security-sensitive agent context, omitting those cautions increases the chance of unintended package installation, workspace modification, or publication of local content.

Missing User Warnings

High
Confidence
93% confidence
Finding
The documented command `clawdhub update --all --no-input --force` performs bulk, non-interactive, forced updates without any warning about overwriting local skill state or pulling unreviewed remote changes. In an agent workflow, this is especially dangerous because it can silently replace multiple installed skills at once, potentially introducing malicious or incompatible code and causing broad integrity loss.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.