Project Coordinator

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed project-coordination helper that can run commands, read and write workspace files, and spawn subagents, so it should be used with clear project boundaries.

Install only if you are comfortable letting a coordinator and subagents operate inside your workspace, including reading files, running shell commands, and creating or modifying project artifacts. Prefer the registry install over an unpinned GitHub branch, review the archive-project dependency before using archiving, and give the coordinator narrow project goals with checkpoints for sensitive work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Scope Creep

Medium
Confidence: 93%
Finding
The documentation tells the Coordinator to use a `write` capability even though that permission is not declared in the manifest. This creates a dangerous mismatch between documented behavior and enforced permissions, which can mislead operators, break trust assumptions, or cause the skill to be granted broader access than intended in order to satisfy the docs.

Vague Triggers

Medium
Confidence: 86%
Finding
The activation criteria are broad phrases like 'complex,' 'a few minutes,' or 'let's work on [project],' which can cause the skill to trigger for requests the user did not clearly intend to delegate. In a skill that can spawn subagents and execute shell commands via subagents, ambiguous triggering materially increases the chance of unintended system-impacting actions.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill advertises permissions to spawn subagents, read workspace files, and execute shell commands via subagents, while the body also discusses file creation, but it does not provide a clear user-facing warning that these actions can change the workspace or run system commands. Users may invoke it without understanding operational consequences, which raises the risk of unintended modification or execution.

VirusTotal

63/63 vendors flagged this skill as clean.
