ClawHub

Agent Dev Workflow

Security checks across malware telemetry and agentic risk

Overview

This is a coherent coding-agent workflow, but it defaults to highly privileged agent execution and automatic project file changes that users should review carefully.

Install only if you intentionally want an agent-orchestration workflow with broad local authority. Prefer changing the default command to a non-bypass permission mode, run it only in clean project worktrees, review any `llmdoc/` or `CLAUDE.md` changes, and inspect the final diff before merging or committing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill explicitly requires running coding agents with `--permission-mode bypassPermissions`, which disables normal safety boundaries and grants the agent broad authority over the local environment. In a workflow that automatically reads project files, modifies configs, and dispatches further sub-agents, this materially increases the chance of unintended destructive changes, secret exposure, or unsafe command execution from ambiguous or adversarial task input.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
This section operationalizes unrestricted execution as the normal dispatch path for each task, turning elevated autonomy into standard behavior rather than an exception. Because the workflow is designed to implement arbitrary coding requests, a malicious repository, prompt injection in project docs, or a mistaken task card could cause the agent to modify sensitive files or run unsafe commands without meaningful checkpoints.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Declaring `bypassPermissions` as the default agent selection bakes excessive privilege into the skill's baseline behavior across all uses. Since this skill is broadly triggered for normal development tasks, the elevated mode is not narrowly justified and amplifies the blast radius of ordinary mistakes, hostile codebases, or compromised agent instructions.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger conditions are very broad, covering generic coding requests and common phrases like 'implement/build/fix this,' which increases the likelihood that the skill is invoked in situations the user did not intend. In this skill, overbroad activation is more dangerous because invocation leads into an automated workflow that can dispatch powerful coding agents and modify project state.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill directs use of elevated-permission agent execution without clearly warning the user that the agent will operate with reduced safeguards. Lack of disclosure undermines informed consent and makes it easier for users to trigger high-autonomy behavior without understanding the risks to their files, configs, or local environment.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
These instructions allow the workflow to automatically generate or repair project documentation and root configuration files, but the skill description does not clearly tell the user that such project-level modifications may happen. Silent config changes are risky because they can alter tool behavior, introduce persistence, or normalize unsafe settings without the user's informed review.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal