ClawHub

safe-shell-execution-claude-code

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only shell safety checklist with no executable payload, though users should tighten its handling of very destructive commands for stricter environments.

Safe to install as a guardrail or checklist, not as a complete enforcement policy. Before relying on it, consider changing local rules to reject root or broad recursive deletion, block unsafe force pushes and --no-verify by default, and require explicit human review for sensitive file writes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Tool Parameter Abuse

High
Category
Tool Misuse
Content
### File System

```
rm -rf / rm -fr / rm -r -f / rm -f -r  → "May recursively force-delete files"
```

---
Confidence
88% confidence
Finding
rm -rf / rm -fr /

Tool Parameter Abuse

High
Category
Tool Misuse
Content
git stash drop / clear        → "May permanently delete stashed content"
git branch -D                 → "May force-delete a branch"
git commit --amend            → "May rewrite the last commit"
git commit/push --no-verify   → "May skip security hooks"
```

### File System
Confidence
90% confidence
Finding
--no-verify

Tool Parameter Abuse

High
Category
Tool Misuse
Content
### File System

```
rm -rf / rm -fr / rm -r -f / rm -f -r  → "May recursively force-delete files"
```

---
Confidence
88% confidence
Finding
rm -rf / rm -fr / rm -r -f /

Tool Parameter Abuse

High
Category
Tool Misuse
Content
```
git reset --hard              → "May discard all uncommitted changes"
git push --force / -f         → "May overwrite remote history"
git clean -f (without -n flag) → "May permanently delete untracked files"
git checkout -- .             → "May discard all workspace changes"
git restore .                 → "May discard all workspace changes"
Confidence
79% confidence
Finding
git push --force

Tool Parameter Abuse

High
Category
Tool Misuse
Content
### Git Operations

```
git reset --hard              → "May discard all uncommitted changes"
git push --force / -f         → "May overwrite remote history"
git clean -f (without -n flag) → "May permanently delete untracked files"
git checkout -- .             → "May discard all workspace changes"
Confidence
78% confidence
Finding
git reset --hard

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal