Multi-viewpoint Debates

Security checks across malware telemetry and agentic risk

Overview

The skill appears to support a legitimate multi-agent debate workflow, but it under-explains the privacy impact of sharing and archiving full debate context and transcripts.

Install only if you are comfortable with debate topics and supporting context being sent to multiple sub-agents and potentially retained in local archives. Before use, avoid secrets, credentials, customer data, regulated information, and sensitive internal URLs; redact transcript excerpts before archiving or sharing; and delete old debate archives when they are no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill explicitly encourages collecting and archiving full debate outputs and suggests using real context, metrics, URLs, and user data without any privacy guardrails. This can lead to unnecessary retention of sensitive business, personal, or user information in markdown archives that may later be searched, shared, synced, or exposed beyond the original decision-making context.

Vague Triggers

Medium
Confidence: 92%
Finding
The example trigger phrase is very broad and maps the skill to common decision-making language without any clear scope limits, increasing the chance the agent invokes it in contexts where multi-agent debate is unnecessary, inappropriate, or costly. In an agent ecosystem, overly broad activation can cause unintended delegation, excessive prompt expansion, and exposure of sensitive user context to multiple sub-agents.

Missing User Warnings

Medium
Confidence: 89%
Finding
The guide explicitly tells users to copy full sub-agent responses from local session transcript files, which can contain sensitive project details, personal context, URLs, metrics, or other data previously supplied to the agents. Because it gives no warning, minimization guidance, or redaction steps, it creates a realistic risk of inadvertent disclosure when users archive or share those transcripts.

Ssd 3

Medium
Confidence: 93%
Finding
The instructions promote storing actual context, real user data, and full model outputs in a searchable long-term archive without minimization boundaries. Searchable aggregation increases the blast radius of any accidental sensitive disclosure, making later unauthorized access, oversharing, or secondary misuse more likely.

VirusTotal

65/65 vendors flagged this skill as clean.
