Security audit

Autoresearch.Bak

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate experiment-running skill, but it can autonomously edit code, run shell commands, and hard-reset git state until the user stops it.

Install only if you intend to let an agent run experiments in a clean disposable branch, worktree, or clone. Before running it, recreate or inspect `autoresearch.config.md`, approve exact target files and commands, set a hard time or experiment limit, require a clean `git status`, and do not allow automatic hard resets in a repository with unrelated work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers

Severity: Medium
Confidence: 88%
Finding: The trigger list includes broad phrases like "optimize" and "find the best config," which can activate this skill for ordinary requests that do not imply consent for autonomous code modification, shell execution, branching, or repeated experiments. In this skill, accidental invocation is more dangerous because the behavior includes persistent file edits, command execution, and looping actions.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The skill instructs the agent to write files, run arbitrary experiment commands, create branches, and perform destructive git operations, but it does not require an upfront safety warning or explicit user confirmation immediately before those actions. Because the skill is user-invocable and defaults into setup/run behavior, a user may trigger high-impact local actions without understanding the consequences.

Tool Parameter Abuse

Severity: High
Category: Tool Misuse
Content (excerpt from the skill):
```
#    If the run crashed or timed out:
#    - Read the error from run.log
#    - Record as crash in results.tsv
#    - Revert: git reset --hard HEAD~1
#    - Diagnose and try a different approach
```
Confidence: 97%
Finding: flagged command `git reset --hard`

Tool Parameter Abuse

Severity: High
Category: Tool Misuse
Content (excerpt from the skill):
```
→ Log: "KEEP: <description> (<metric>: <old> → <new>)"

ELIF metric equal or worse:
    → DISCARD: git reset --hard HEAD~1
    → Log: "DISCARD: <description> (<metric>: <value> vs best <best>)"

ELIF crashed or timed out:
```
Confidence: 98%
Finding: flagged command `git reset --hard`

Tool Parameter Abuse

Severity: High
Category: Tool Misuse
Content (excerpt from the skill):
```
→ Log: "DISCARD: <description> (<metric>: <value> vs best <best>)"

ELIF crashed or timed out:
    → CRASH: git reset --hard HEAD~1
    → Log: "CRASH: <description> (error: <brief error>)"
```
Confidence: 98%
Finding: flagged command `git reset --hard`

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.