toolguard-daemon-control

Security checks across malware telemetry and agentic risk

Overview

This skill is openly meant to manage macOS background services, but its installer has unsafe input handling and can immediately create persistent auto-restarting services.

Use only if you explicitly need a macOS launchd service manager. Before installing, review the exact command, arguments, working directory, and environment values; do not pass secrets through --env. Prefer a patched version that removes eval, validates service names and environment keys, escapes plist XML, and asks for confirmation before loading persistent services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly creates persistent launchd agents, auto-restarts them, and writes plist and log files on disk, but it does not present a prominent user-facing warning about these durable side effects. This can lead to users unintentionally installing background persistence that survives the current session and continues running without clear consent.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script writes a launchd plist and immediately loads it, creating a persistent background service without any confirmation or explicit warning to the user. In a daemon-management skill this behavior is expected, but it is still security-relevant because persistence is established as soon as the script is run, which can surprise users and make unintended long-lived execution easier.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Environment variables provided with --env are embedded directly into the generated plist on disk in plaintext. If callers pass secrets such as API keys or tokens, those values become recoverable from the user's LaunchAgents directory and may also be exposed through backups or local inspection.

Session Persistence

Medium
Category
Rogue Agent
Content
EOF

# Load and start service
launchctl load "$PLIST_PATH"

echo "Service '${SERVICE_NAME}' installed and started."
echo "  Label:  ${LABEL}"
Confidence
91% confidence
Finding
launchctl load

Session Persistence

Medium
Category
Rogue Agent
Content
EOF

# Load and start service
launchctl load "$PLIST_PATH"

echo "Service '${SERVICE_NAME}' installed and started."
echo "  Label:  ${LABEL}"
Confidence
91% confidence
Finding
PLIST

VirusTotal

63/63 vendors flagged this skill as clean.