ClawHub

Handover Sync

Security checks across malware telemetry and agentic risk

Overview

This appears to be a documentation handoff skill that may edit several repository docs, with no evidence of hidden execution, credential access, persistence, or data exfiltration.

Install only if you want an agent to help maintain handoff and project documentation. When invoking it, explicitly name the files or ask for a dry run first if you only want a summary and do not want README, handoff, TODO, or runbook files changed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The example invocation phrases are very broad, natural-language requests such as 'Summarize today's work' and 'update the handoff,' which are likely to overlap with ordinary user intents. In agent systems that auto-route or infer skills from prompts, this can cause unintended activation of the skill and lead to unsolicited repository inspection and documentation edits beyond what the user specifically intended.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger examples are broad enough to match common end-of-session requests such as 'summarize what was done today' or 'organize current status,' which can cause the skill to activate in situations where the user may only want a summary rather than repository modifications. In this skill's context, that is more dangerous because the README also describes default synchronization of multiple documentation files, increasing the chance of unexpected write actions from an ordinary request.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The README states that the skill will, by default, update multiple files including handover.md, README.md, and related TODO/runbook documentation, but it does not clearly warn the user that invoking the skill may modify several repository documents. This is risky because a user asking for a simple session wrap-up could unintentionally trigger broader documentation edits, especially when combined with the skill's broad trigger examples.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrases are broad, generic, and map to common end-of-session user language, which increases the chance the skill is invoked when the user intended a lighter-weight summary or a narrower edit. In an agent setting, that can cause unintended multi-file documentation changes, scope expansion, and overwriting of handoff or README content without sufficiently explicit user consent.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The template declares very broad default trigger phrases such as requests to summarize work, update handoff docs, or write down problems and next steps. In an agent setting, these phrases can match ordinary conversation and cause the skill to activate unexpectedly, leading to unintended edits to README or handover files and potentially overwriting user-intended behavior. The risk is amplified because the template also instructs updating multiple files by default.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal