Ai Company Coo 2.0.0

Security checks across malware telemetry and agentic risk

Overview

This COO governance skill is mostly coherent, but it needs Review because it combines broad activation with write, network, and agent-delegation authority while its budget and personnel boundaries are not consistently scoped.

Install only in a dedicated workspace and treat it as an operational-governance assistant, not a harmless planning template. Require explicit invocation, confirm before any write, network, webhook/email, session, resource, budget, or personnel-related action, and avoid feeding it sensitive HR, financial, or business data unless the receiving agents and storage locations are approved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence: 89%
Finding: The skill defines contradictory authority boundaries: earlier it forbids the COO from making personnel or budget decisions, but later grants autonomous authority for some budget-impacting operational decisions and allows personnel-change proposals. In an agentic system, inconsistent policy text can be exploited or misinterpreted to justify unauthorized actions, especially when the skill has write, network, and subagent/session capabilities.

Vague Triggers

Medium
Confidence: 93%
Finding: The trigger set includes broad business terms such as COO, 运营, OKR, 流程优化, and 智能化 that are likely to appear in ordinary conversation. This increases the chance of accidental invocation, which is more dangerous here because the skill can write files, access APIs, and use sessions/subagents, potentially causing unintended actions or data exposure.

Missing User Warnings

Medium
Confidence: 96%
Finding: The skill requests write and network/API permissions, plus session/subagent capabilities, but the user-facing description does not clearly warn that it may modify files or communicate externally. This creates a consent and safety gap: users may invoke what appears to be a planning/governance assistant without realizing it can perform side-effecting operations.

VirusTotal

63/63 vendors flagged this skill as clean.