EasyClass Auto-Improve

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed automation workflow, but it asks an agent to repeatedly change, commit, and push code without clear user approval boundaries.

Install only if you intentionally want a recurring autonomous coding workflow. Run it on a feature branch in a specific repository, protect main branches, require review before pushes or merges, and avoid putting credentials or sensitive instructions in TASKS.md.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 85%
Finding:
The description markets the skill as broadly applicable for automated development on a recurring basis without defining explicit scope, approval gates, or execution boundaries. In a skill that can modify code and interact with git, ambiguous invocation language increases the chance of unintended autonomous execution on sensitive repositories or tasks the user did not mean to delegate.

Vague Triggers

Medium
Confidence: 91%
Finding:
The usage section explicitly frames the workflow as something that runs every 30 minutes, but it does not define stopping conditions, repository allowlists, approval checkpoints, or safe trigger boundaries. Because the workflow includes implementation, testing, committing, and pushing, an always-on loop can continuously make and publish unintended changes, amplifying mistakes or prompt-injection-driven behavior.

Missing User Warnings

Medium
Confidence: 94%
Finding:
The documented workflow includes code changes, task updates, commits, and pushes, but it does not prominently warn users that the skill can perform automatic repository writes and remote publication. In practice, this can lead to accidental data loss, unsafe code landing in shared branches, or unauthorized publication of generated changes if users assume the skill is advisory rather than mutating.

VirusTotal

VirusTotal findings are pending for this skill version.
