Ai Workforce

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned, but it grants a business agent broad persistent autonomy with some hidden or under-scoped file, cron, worker, and git behavior.

Install only if you intentionally want a persistent semi-autonomous business operator. Before enabling it, require visible consent before memory writes, cron jobs, worker spawning, git commits, and any git push; keep secrets out of markdown files; review shared worker context for sensitive details; and keep spending, public posts, external communications, account changes, and destructive cleanup at explicit approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (16)

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding:
The skill instructs the agent to initialize git repositories, commit all workspace contents, and push to any configured remote. In a skill that also encourages aggressive memory capture, this creates a realistic path to exfiltrating sensitive business context, personal notes, and accidentally persisted secrets to external infrastructure without an explicit per-action approval gate.

Context-Inappropriate Capability

Severity: Medium
Confidence: 86%
Finding:
The capability discovery section tells the agent to audit available tools and skills and proactively expand its reach. This broadens operational scope beyond the user’s immediate request and can lead the agent to enumerate powerful integrations, propose new automations, and take actions in adjacent systems that increase attack surface and the chance of unsafe tool use.

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding:
The capability-audit prompt expands a reflection task into active reconnaissance and enablement: it tells the agent to enumerate available tools and installed skills, reason about new business uses, and 'set them up.' In an autonomous business-operator skill, this increases the chance of unreviewed capability expansion, privilege creep, and unexpected side effects beyond passive documentation or memory maintenance.

Vague Triggers

Severity: Medium
Confidence: 76%
Finding:
The skill description is extremely broad and can match many normal business-management prompts, increasing the chance that it activates in contexts where the user did not intend to grant autonomous behavior, memory persistence, delegation, or system modification. Over-broad triggering is dangerous here because the skill includes operational autonomy and persistent state changes.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The quick setup tells the agent to create workspace structures and set up reflection cron jobs immediately, without an upfront warning or explicit consent for system and workspace modification. Combined with autonomous operation, this can cause persistent background behavior and filesystem changes that the user did not knowingly authorize.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding:
The skill promotes proactive monitoring, shared organizational memory, and worker delegation involving business and personal context, but lacks a strong upfront privacy notice and consent model. Even though it includes some isolation and PII guidance later, the design still encourages broad collection, propagation, and retention of sensitive contextual data across files and sub-agents.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
This prompt instructs the agent to perform broad, persistent file modifications across memory and bank documents, including pruning content from MEMORY.md, without any explicit approval gate, dry-run mode, or warning before destructive changes. In an autonomous cron context, that creates a real integrity risk: the agent can overwrite, mutate, or delete important operational knowledge based on imperfect interpretation of logs, especially because it is also told to 'implement' process/doc changes automatically.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The prompt instructs the agent to archive old daily logs and aggressively prune MEMORY.md without requiring confirmation, defining protected data classes, or providing rollback/preview safeguards. In an autonomous 'Chief' skill, these broad maintenance actions could cause unintended loss of readily accessible operational context or mis-archival of important records, especially if the agent misjudges what is 'genuinely needed' for daily operations.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
The entity maintenance instructions authorize archiving inactive entities and cleaning up duplicate or redundant pages, but provide no verification workflow or warning about modifying stored records. In this skill's knowledge-management context, entity records may encode business relationships, trust context, or long-tail operational history, so incorrect archival or deduplication can silently degrade future decisions.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The process review section tells the agent to remove processes unused for 60+ days, which risks deleting infrequent but still valid workflows and losing historical operational knowledge. Because this skill is designed for autonomous business operation, the agent may over-apply cleanup and eliminate procedures needed for seasonal, compliance, emergency, or low-frequency tasks.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The prompt explicitly instructs the agent to create and modify persistent files across memory/ and bank/ without any user-facing disclosure, confirmation step, or guardrails on when those writes are authorized. In an autonomous cron context, this can silently alter trust records, opinions, process documentation, and stale-item tracking, which creates integrity risk and can compound over time if the agent misinterprets evidence or is manipulated by poisoned logs.

Missing User Warnings

Severity: High
Confidence: 97%
Finding:
The skill explicitly tells the agent to "silently" create and update multiple files while the user is still conversing, without notice or consent. That creates covert state changes and hidden persistence of business and personal information, which is dangerous because users may disclose sensitive data without realizing it is being stored and structured for future use.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The skill directs the agent to perform potentially external actions like researching a competitor or market "right now" without warning the user that this may involve network access or transmitting query content to external services. In an autonomous business-operator context, that can leak confidential business context or trigger unintended external interactions without informed approval.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding:
The daily reflection prompt authorizes the agent to append to multiple persistent knowledge files and prune MEMORY.md automatically, without requiring explicit user consent at execution time or a safety check before modifying stored data. In a trust-based autonomous skill, this can silently alter, condense, or misclassify important records, making data loss or integrity issues more likely even if the stated intent is careful bookkeeping.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding:
The monthly consolidation prompt directs archival and removal-style maintenance across memory and bank files, including deep pruning and removing unused processes, without an explicit warning or approval checkpoint for potentially impactful changes. Although it says 'archive, never delete,' these autonomous retention actions still reshape the knowledge base and can hide, relocate, or effectively retire important information in ways the user may not expect.

Ssd 3

Severity: Medium
Confidence: 98%
Finding:
These instructions direct the agent to persist user-provided business details, operational preferences, and information about other people or companies across several files, including shared knowledge stores. Silent multi-file recording increases privacy and data governance risk, especially because it may capture personal data, sensitive business information, and third-party details beyond what the user expects.

VirusTotal

64/64 vendors flagged this skill as clean.