Mini-Agent

Security checks across malware telemetry and agentic risk

Overview

Mini-Agent appears to be a legitimate coding assistant, but it grants broad file, shell, process, credential, and logging authority without enough scoping or safety guidance.

Review the upstream Mini-Agent repository before installing. Use it only in a sandbox or tightly scoped project directory, pin the install source if possible, use a dedicated MiniMax API key, manually confirm overwrites and shell/process actions, and regularly protect or delete ~/.mini-agent logs and config.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Context-Inappropriate Capability (Medium severity, 94% confidence)

The documentation states that logs capture full requests, responses, and tool results, explicitly including user messages and the LLM's thinking/tool activity. In an agent that performs file operations and command execution, these logs can easily contain secrets, proprietary code, filesystem contents, command outputs, and sensitive prompts, creating a broad data-exposure risk far beyond normal operational logging.

Missing User Warnings (Medium severity, 96% confidence)

The log description does not warn users that sensitive data may be persisted, despite stating that user messages, tool calls, and detailed tool results are recorded. Because this coding assistant can access files and execute commands, the resulting logs may capture credentials, source code, tokens, environment data, and command output, making silent persistence particularly dangerous.

Missing User Warnings (Medium severity, 88% confidence)

These examples encourage creating, overwriting, and editing files, including complete replacement of file contents, without any caution about backups, confirmation, or scope verification. In a skill that explicitly supports file operations, such examples can normalize destructive actions and increase the chance of accidental data loss or unsafe use by operators.

Missing User Warnings (Medium severity, 85% confidence)

The process-management examples include stopping services and processes without warning about service interruption, production impact, or the need to verify the target first. Because this skill is designed to execute system operations, such examples could lead users to disrupt active workloads or terminate the wrong service.

Missing User Warnings (Medium severity, 90% confidence)

Bulk rename and bulk text-replacement operations can modify many files at once and may be difficult to reverse if run incorrectly. Presenting these examples without warnings, dry-run guidance, or backup recommendations is risky in a skill that performs filesystem changes directly.

Missing User Warnings (Medium severity, 89% confidence)

The README explicitly promotes sensitive capabilities such as file writes, command execution, and service management, but it does not warn users about possible system changes, data loss, privilege misuse, or the need to verify commands before execution. In an agent skill context, normalizing these actions without safety guidance can increase the likelihood of unsafe use, especially by inexperienced users who may assume all prompted operations are harmless.

Missing User Warnings (Medium severity, 93% confidence)

The skill explicitly advertises arbitrary file overwrite, shell command execution, and background process control, but provides no safety guidance, permission boundaries, or warnings about destructive system effects. In an agent skill context, these capabilities materially increase the risk of accidental data loss, unsafe command execution, persistence via background jobs, and misuse by prompt-influenced workflows.

Missing User Warnings (Medium severity, 90% confidence)

The documentation instructs users to store an API key in config and describes logs that capture requests, responses, tools, and results, but does not warn that secrets or sensitive prompts may be written to disk or transmitted externally. This can lead to inadvertent credential exposure, privacy leakage, and retention of confidential data in local log files.

VirusTotal

66/66 vendors flagged this skill as clean.