Ai Company Cro 2.0.0

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed governance and risk-management skill with broad activation terms and cross-agent coordination, but no evidence of hidden installation, exfiltration, destructive code, or credential access.

Install this only if you want an agent to help coordinate enterprise risk, compliance, and crisis workflows. Because it can route work to other agents, use explicit prompts and confirm scope before allowing circuit-breaker, escalation, or cross-agent actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 94%
Finding
The trigger list contains very broad terms such as '风险管理', '合规审计', 'AI风险', and 'CRO', which are likely to appear in ordinary conversation. This can cause unintended invocation of a high-privilege governance skill, expanding the skill's reach into unrelated contexts and increasing the chance of inappropriate cross-agent actions or sensitive risk-processing workflows being activated.

Vague Triggers

Medium
Confidence: 91%
Finding
The log states that a generic user request to invoke a CRO automatically triggered a recruitment/onboarding flow when the CRO was missing. This is dangerous because loosely scoped activation can cause privileged agent creation or workflow execution without explicit authorization, enabling unintended capability expansion, policy bypass, or abuse through simple prompt phrasing. In this skill context, the danger is higher because the CRO role is tied to governance, compliance, crisis response, and circuit-breaker authority, which are high-impact enterprise functions.

VirusTotal

66/66 vendors flagged this skill as clean.
