Agent Autonomy Kit.Bak

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is not malicious, but it promotes unattended autonomous agent work (broad file changes, posting to team channels, and scheduled execution) without adequate boundaries: no approval gates, scope limits, or stopping conditions are defined.

Install only if you intentionally want unattended autonomous agent work. If you do:
  • keep the task queue limited to trusted, low-risk tasks;
  • require human approval for public posts, account actions, destructive changes, sensitive data access, and large code changes;
  • review any Discord or Slack outputs;
  • monitor or disable the cron jobs the Quick Start sets up;
  • verify the source repository before cloning.
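The approval requirements above can be enforced mechanically rather than left to the agent's judgement. The following is an added example (not code from the skill or from SkillSpector) of a gate that triages a task queue before anything is executed: tasks that touch the categories listed above, or that did not come from a trusted source, are held for a human. The queue format (dicts with "action", "command", "paths", "channels", "diff_lines" and "source") and the keyword patterns are hypothetical assumptions for illustration, not the skill's own format; the sample queue is constructed inline.

```python
"""Approval gate for an agent task queue.

Added example, not part of the Agent Autonomy Kit skill. The task schema
and the keyword lists below are assumptions made for illustration.
"""
import re

# Work the overview says must not run without a human in the loop.
POSTING_CHANNELS = {"discord", "slack", "twitter", "x", "mastodon", "public"}
DESTRUCTIVE_CMD = re.compile(
    r"\b(rm\s+-rf?|git\s+push\s+--force|git\s+reset\s+--hard|drop\s+table|truncate)\b",
    re.I,
)
ACCOUNT_ACTION = re.compile(
    r"\b(login|sign\s*up|create\s+account|rotate\s+(key|token)|oauth)\b", re.I
)
SENSITIVE_PATH = re.compile(r"(^|/)(\.env|\.aws|\.ssh|id_rsa|secrets?\.|credentials)", re.I)
SCHEDULE = re.compile(
    r"\b(cron|crontab|scheduled?|every\s+\d+\s*(min|hour|day)|overnight)\b", re.I
)
LARGE_CHANGE_LINES = 200  # assumed threshold for "large code change"


def approval_reasons(task):
    """Return the list of reasons a task needs human approval (empty = may auto-run)."""
    reasons = []
    text = f"{task.get('action', '')} {task.get('command', '')}"
    channels = {c.lower() for c in task.get("channels", [])}
    if channels & POSTING_CHANNELS:
        reasons.append("public/team post")
    if DESTRUCTIVE_CMD.search(text):
        reasons.append("destructive command")
    if ACCOUNT_ACTION.search(text):
        reasons.append("account action")
    if any(SENSITIVE_PATH.search(p) for p in task.get("paths", [])):
        reasons.append("sensitive data access")
    if task.get("diff_lines", 0) > LARGE_CHANGE_LINES:
        reasons.append(f"large code change (>{LARGE_CHANGE_LINES} lines)")
    if SCHEDULE.search(text):
        reasons.append("scheduled/unattended execution")
    return reasons


def triage_queue(queue, trusted_sources=("human",)):
    """Split a queue into (auto_run, held) lists of (task, reasons) pairs.

    Tasks not submitted by a trusted source are always held: a queue file the
    agent reads on its own is an injection vector, so its contents must not
    be treated as authorization.
    """
    auto, held = [], []
    for task in queue:
        reasons = approval_reasons(task)
        source = task.get("source", "unknown")
        if source not in trusted_sources:
            reasons.append(f"untrusted source {source!r}")
        (held if reasons else auto).append((task, reasons))
    return auto, held


# Constructed sample queue for demonstration.
SAMPLE_QUEUE = [
    {"id": 1, "source": "human", "action": "fix typo in README.md",
     "paths": ["README.md"], "diff_lines": 3},
    {"id": 2, "source": "human", "action": "post nightly summary",
     "channels": ["discord"]},
    {"id": 3, "source": "queue-file", "action": "clean workspace",
     "command": "rm -rf build/ .env"},
    {"id": 4, "source": "human", "action": "refactor auth module",
     "paths": ["src/auth.py"], "diff_lines": 640},
    {"id": 5, "source": "human",
     "action": "set up cron job for overnight research"},
]

if __name__ == "__main__":
    auto, held = triage_queue(SAMPLE_QUEUE)
    for task, _ in auto:
        print(f"auto-run : task {task['id']}: {task['action']}")
    for task, reasons in held:
        print(f"HELD     : task {task['id']}: {task['action']} -> {', '.join(reasons)}")
```

Run as a script to see the split; in practice the agent's work loop would call triage_queue and execute only the auto list, writing the held list somewhere a human reviews. Note that keyword matching is a coarse filter: it catches the obvious cases the overview lists, but a queue entry phrased to avoid the patterns still gets through, which is why untrusted sources are held unconditionally.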

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Missing User Warnings
Medium, 90% confidence

The README explicitly instructs the agent to pull work from a persistent queue and update local task and memory files, but it does not clearly warn users that enabling this skill will cause autonomous modification of repository-local files. In an agent skill, undocumented autonomous writes can lead to unexpected state changes, audit gaps, or accidental corruption of project files, especially when users assume the skill is advisory rather than operational.

Missing User Warnings
Medium, 94% confidence

The cron examples schedule autonomous work sessions and reporting without a human prompt, including instructions to perform research, writing, analysis, and team-spawning behavior. Unattended execution materially increases risk because the agent may act on stale context, perform unintended actions, or modify files and coordination channels without timely human review.

Vague Triggers
Medium, 86% confidence

The description "Stop waiting for prompts. Keep working." encourages autonomous behavior without stating boundaries, approval requirements, or environmental constraints. In agent ecosystems where skills may be selected from metadata alone, this broad language can increase unintended invocation and normalize unattended operation beyond user intent.

Vague Triggers
Medium, 83% confidence

The phrase "Transform your agent from reactive to proactive" is marketing language that expands perceived activation scope without clarifying what the agent may proactively do. This is risky because it can encourage overbroad use of the skill in contexts involving file changes, external actions, or long-running workflows without explicit consent boundaries.

Missing User Warnings
Medium, 95% confidence

The Quick Start explicitly instructs users to set up cron jobs for overnight work and daily reports, but it provides no warning about risks from unattended or scheduled autonomous execution. In context, this materially increases danger because the skill is specifically designed to keep agents operating without prompts, which can amplify mistakes, unauthorized actions, resource consumption, and unnoticed harmful behavior over time.

Vague Triggers
Medium, 95% confidence

The work-mode section tells the agent to autonomously read a task queue, select work, execute it, and update shared state whenever there is no urgent human input. Those instructions are broad and lack explicit trigger boundaries, approval gates, or scope restrictions, which can cause unintended autonomous action in routine contexts and amplify the effect of any malicious or erroneous task content already present in the queue.

Vague Triggers
Medium, 97% confidence

The instruction "Idle time = wasted tokens. Keep working." pushes persistent autonomous behavior without defining stopping conditions beyond token exhaustion. In an autonomy-focused skill, this increases the chance the agent will continue taking actions, consuming resources, or making unintended changes even when no explicit user authorization for ongoing work exists.

VirusTotal

66/66 vendors flagged this skill as clean.