Claude Code Runner

Security checks across malware telemetry and agentic risk

Overview

This skill has a real automation purpose, but it can auto-approve actions and write changes back to projects, and it is exposed to unintended shell command execution.

Review carefully before installing. Use only in a disposable container or throwaway version-controlled copy, with an unprivileged dedicated user. Do not pass untrusted prompts or unusual project paths, and avoid sudo/root use until command construction, auto-approval, and write-back are made safer and explicitly controlled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings (Medium, 87% confidence)

Finding: The README explicitly advertises automatic confirmation handling and automatic synchronization of changes back to the original directory, but it does not prominently warn that this can cause unattended code changes or approval bypass in sensitive workflows. In the context of an agent skill that executes coding tasks and writes results back into a real project, this increases the risk of unintended or unsafe modifications being applied without adequate human review.

Missing User Warnings (Medium, 92% confidence)

Finding: The documented behavior includes syncing changes back from a temporary workspace into the original project, but the user-facing description does not prominently warn that local files will be modified automatically. This can lead to unintended overwrites, propagation of bad edits, or destructive changes in sensitive repositories without adequate user awareness.

Missing User Warnings (Medium, 96% confidence)

Finding: Automatically answering confirmation prompts bypasses an important safety boundary intended to make users review sensitive or destructive actions before execution. In a code-modifying tool, this increases the chance that package installs, file rewrites, command execution, or other risky actions proceed without human verification.

Missing User Warnings (High, 98% confidence)

Finding: The script automatically sends 'y' whenever output contains broad prompt-like substrings such as 'proceed' or 'continue', then syncs the resulting file changes back to the original project. This can approve destructive, security-sensitive, or privilege-relevant actions without human review, and in this skill context the invoked agent is explicitly allowed to modify code, making the behavior especially dangerous.

VirusTotal

66/66 vendors flagged this skill as clean.