Kickstart

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a coherent agent setup package, but some guidance encourages persistent storage or sharing of sensitive personal and operational data.

Install only if you want an agent bootstrap system that creates persistent memory and instruction files. Before using it, remove any guidance to store raw API keys or secrets, keep personal profile fields minimal, avoid committing generated memory files, and require explicit confirmation before any email, Discord, or shared-channel posting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The skill description is extremely broad and markets itself as the default foundation for many generic tasks, which can cause it to be invoked in situations beyond narrowly defined setup flows. That increases the chance an agent applies workspace-changing behavior in unrelated contexts, especially because the skill also includes file-creation and instruction-seeding behavior.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The skill instructs the agent to create directories and files in the workspace during first run, framed as happening "in the background," without a prominent warning that filesystem changes will occur. Even though it says to ask before overwriting existing files, silent creation of new files can still surprise users, alter agent behavior persistently, and seed future instruction hierarchy with content the user did not explicitly approve line-by-line.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The morning briefing template directs the agent to inspect unread emails and post a summary to the main channel, but it provides no privacy guardrails, consent requirement, or filtering rules beyond 'urgent only.' In practice, this can disclose sensitive email content or metadata into a broader channel, especially if urgency is misclassified or the main channel includes other participants.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The weekly digest template instructs reviewing memory files from the past 7 days and announcing a summary, which can expose historical conversation content, decisions, and blockers without any disclosure boundary or sensitivity screening. Because memory files may contain personal, confidential, or security-relevant details, broadcasting a digest can leak information beyond its original context.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
The example explicitly instructs a sub-agent to post generated content to a Discord channel and verify delivery, but it does not pair that action with an explicit approval gate or warning about transmitting data to an external service. In a protocol meant to be reused for autonomous task spawning, this normalizes outbound posting and can lead operators to delegate external communications without sufficient human review or data-sensitivity checks.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding
The document explicitly recommends logging 'API keys, project IDs, URLs, file paths' in daily memory notes, which encourages persistence of credentials in broadly reused agent memory. Even though another bullet says not to store sensitive data unless explicitly asked, that warning is undermined by the direct instruction to store API keys, creating a real risk of secret retention and of leakage through context loading, logs, summaries, or downstream agents.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The guide explicitly tells users to populate USER.md with personally identifying information such as name, location, timezone, and notes, but provides no privacy warning, minimization guidance, or storage protection advice. In an agent workspace, these files may be read broadly by the agent, companion skills, backups, or version control, increasing the chance of unintended disclosure or profiling.

Ssd 3

Severity: High
Confidence: 99%
Finding
This section encourages storing reusable sensitive operational data in persistent memory logs, including credentials and project identifiers, so the agent can access them later. In an agent-memory architecture, such data may be loaded into future sessions, exposed in prompts, summaries, archives, or accidental sharing contexts, substantially increasing the blast radius of any compromise or mis-scoped context inclusion.

VirusTotal

66/66 vendors flagged this skill as clean.
