Cc Godmode 5.11.3

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill, but it gives an agent broad coding and GitHub release authority that users should review carefully before installing.

Install only in repositories where you are comfortable granting a coding agent broad write, shell, browser, web, and GitHub authority. Use least-privilege GitHub tokens, avoid production credentials, disable or limit GitHub/MCP access unless needed, review generated screenshots and reports for sensitive data, and require explicit human approval before merges, branch deletion, tags, releases, CI/CD changes, or other remote repository mutations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The changelog documents contradictory security/runtime declarations: one entry says the skill is documentation-only with no binaries or credentials required, while a later entry states full workflow usage requires binaries, credentials, and network access. In a self-orchestrating agent skill, this inconsistency can mislead reviewers and users about the actual execution and trust boundary, causing the skill to be approved or invoked under weaker scrutiny than its runtime behavior warrants.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The README's Security section states the skill makes no external API calls, but elsewhere the document explicitly describes web research and GitHub operations through MCP-integrated agents. This can mislead users into granting trust or enabling the skill under false assumptions, increasing the chance of unintended outbound actions against external services.

Missing User Warnings

Medium
Confidence: 92%
Finding
The README promotes autonomous multi-agent workflows that can research, implement code, test, and perform GitHub operations, but it does not prominently warn users about the operational consequences of invoking the skill. In an agentic environment, vague autonomy claims can cause users to underestimate that codebases may be modified, tests may execute, and external systems may be accessed.

Vague Triggers

Medium
Confidence: 87%
Finding
The usage section relies on broad natural-language triggers like 'New Feature', 'Bug Fix', 'Research', and 'Prepare Release', which may be interpreted from ordinary project discussion rather than deliberate execution intent. In a chat-driven agent system, ambiguous invocation patterns raise the risk of accidental activation of powerful workflows that can alter code or interact with external services.

Missing User Warnings

Low
Confidence: 95%
Finding
This section instructs agents to use Write/Edit and mandates repository-modifying actions like updating VERSION, CHANGELOG, README, and JSDoc, but it does not require explicit user confirmation or warn that files will be modified. In a self-orchestrating multi-agent skill, that omission increases the chance of unintended or overbroad file changes being carried out automatically.

Missing User Warnings

Medium
Confidence: 90%
Finding
The tester agent requires screenshots of every page across multiple viewports and stores them on disk, but there is no privacy warning, consent requirement, or guidance for handling sensitive data visible in the UI. If used against environments containing personal, internal, or regulated information, this can cause unintended data capture and retention.

Missing User Warnings

Medium
Confidence: 96%
Finding
This section provides direct GitHub commands for merging PRs, closing issues, creating releases, and monitoring CI/CD without any warning about irreversible repository operations or any approval checkpoint. Given the skill's stated self-orchestrating behavior, these instructions could enable autonomous execution of destructive or governance-sensitive actions in a live repository.

VirusTotal

66/66 vendors flagged this skill as clean.