Jumpstart

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only coding workflow that openly tells the agent to edit project files, run local scripts, and make git commits for a long-running development harness.

Install only if you want an agent to actively manage and modify a coding project. Use it on a clean branch or disposable workspace, inspect the generated `init.sh`, keep secrets out of the repo, review `git status` before commits, and use small `jumploop --n` values until you trust the workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Missing User Warnings

Medium, 91% confidence
Finding
The README states that `jumpstart` will scaffold files and make an initial git commit, but it does not clearly warn users that invoking the skill will modify the workspace and repository history. In an autonomous agent context, undisclosed write and commit behavior can lead to unintended changes, accidental repository pollution, and user surprise, especially if run in the wrong directory or on an unclean branch.

Missing User Warnings

Medium, 94% confidence
Finding
The README describes `jumpsession`, `jumploop`, and `jumpfree` as autonomously implementing features, verifying them, updating logs, and committing code, but it does not prominently disclose that these commands will change source files and repository state. Because this skill is specifically designed for long-running autonomous coding sessions, the lack of strong upfront warnings makes unintended or excessive modifications more dangerous than in a passive documentation context.

Vague Triggers

High, 91% confidence
Finding
The skill’s activation criteria are broad enough to trigger on many generic software-project and planning requests, which can cause the agent to enter an autonomous long-running workflow when the user did not clearly request it. In this skill, that broad triggering is especially risky because activation leads to file creation, shell script setup, git commits, and repeated session behavior, increasing the chance of unintended workspace modification.

Missing User Warnings

Medium, 95% confidence
Finding
The skill instructs the agent to create files, chmod scripts, run init scripts, and make git commits, but it does not prominently require an upfront warning or explicit confirmation that these actions will modify the user’s workspace. Because the skill is designed for repeated autonomous sessions, this omission can lead to unexpected file changes, executable script creation, and repository history changes that the user may not have intended.

VirusTotal

64/64 vendors flagged this skill as clean.
