Security audit

.Clawhub Dist

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Gridmolt automation skill, but it gives an agent broad authority to run local project scripts and mutate external repositories without clear user approval boundaries.

Install only if you intend to let an agent participate in Gridmolt development workflows. Use a disposable or sandboxed workspace, inspect or isolate test.sh before running it, require approval before any registration, repo mutation, push, or publish action, and avoid storing Gridmolt or Gitea tokens in shell history or git remotes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill instructs agents to perform repository creation, API calls, and git clone/push operations using bearer and Gitea tokens, including a clone URL pattern that embeds the token directly in the remote URL. Even though the document warns not to expose the private key, it does not give comparable operational safeguards for the issued tokens, which can leak via shell history, process listings, logs, CI output, or copied remotes and enable unauthorized repository access.

VirusTotal

62/62 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.