Operately CLI

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Operately CLI skill, but it gives agents broad workspace-admin powers without enough confirmation guidance for destructive or permission-changing actions.

Install only if you intend to let an agent operate a real Operately workspace. Use a least-privilege or read-only token where possible, verify the profile and base URL before running commands, avoid putting real passwords or tokens directly on the command line, and require explicit confirmation before any delete, permission, member/admin, publication, notification, or file-upload action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium severity, 92% confidence
The skill description is very broad and covers many generic workplace and company-operations tasks, which can cause an agent to invoke this skill in situations where a narrower, safer tool would be more appropriate. Because this CLI can create, update, and delete remote Operately workspace data, overbroad routing increases the chance of unintended high-impact actions from vague user requests.

Missing User Warnings

Medium severity, 95% confidence
The quick-reference section presents many mutating commands without a prominent warning that they affect live remote workspace state. In an agent setting, this can lead to users or automation treating examples as harmless inspection commands and accidentally creating, modifying, or deleting organizational data.

Missing User Warnings

Medium severity, 97% confidence
The documentation includes inline examples with tokens, passwords, and email/password login flags without a clear warning not to place secrets on the command line. Command-line secrets can be exposed through shell history, process listings, logs, transcripts, and agent telemetry, making credential compromise more likely.

Missing User Warnings

Medium severity, 93% confidence
The documentation explicitly recommends `operately auth login --token <token>` and elsewhere supports flags like `--password`, which encourages passing secrets directly on the command line. Command-line arguments are commonly exposed via shell history, process listings, audit logs, CI job logs, and telemetry, so this can leak reusable credentials even when the underlying auth flow is otherwise correct.

Missing User Warnings

Medium severity, 95% confidence
The file includes company-level destructive commands such as deleting admins and members without any adjacent warning, confirmation guidance, or rollback caveats. In an operational CLI skill, this is dangerous because users may copy-paste examples directly and unintentionally revoke privileged access or remove people from the workspace, causing service disruption or administrative lockout.

Missing User Warnings

Medium severity, 94% confidence
The documentation shows a space deletion command as a normal workflow example without warning that it is destructive. In this skill context, users are likely to use the page as copy-paste operational guidance, so presenting deletion commands without caution increases the chance of accidental deletion of collaboration spaces and associated workflow disruption.
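The overview's two concrete recommendations (keep credentials off the command line; require explicit confirmation before delete, permission, member/admin, publication, notification or file-upload actions) and the findings on argv secrets and unwarned destructive commands can be enforced mechanically in front of the CLI. The wrapper below is an added example, not part of the Operately CLI or of the scanned skill. It assumes the real binary is reachable through the wrapper's own `OPERATELY_BIN` variable (default `operately`) and gates on the words the findings enumerate rather than on the CLI's actual subcommand grammar, so it is deliberately over-inclusive: `member list` prompts just as `member delete` does, which is the safe direction for an agent-driven tool.

```shell
#!/bin/sh
# Added example: guard wrapper for an agent-driven `operately` invocation.
# Not project code. OPERATELY_BIN, SECRET_FLAGS and GATED_WORDS are this
# wrapper's own assumptions, not flags or grammar of the real CLI.

OPERATELY_BIN="${OPERATELY_BIN:-operately}"

# Credential-bearing flags named in the findings. Anything in argv ends up
# in shell history, `ps` output, audit/CI logs and agent transcripts.
SECRET_FLAGS="--token --password"

# Words that mark a command as needing a human confirmation.
GATED_WORDS="delete remove permission permissions member members admin admins publish publication notify notification upload"

# classify_cmd ARGS... ; prints: secret-on-argv | gated | ungated
classify_cmd() {
  for arg in "$@"; do
    for flag in $SECRET_FLAGS; do
      # catches both `--token abc` and `--token=abc`
      case "$arg" in
        "$flag"|"$flag"=*) echo secret-on-argv; return 0 ;;
      esac
    done
  done
  for arg in "$@"; do
    for word in $GATED_WORDS; do
      if [ "$arg" = "$word" ]; then echo gated; return 0; fi
    done
  done
  echo ungated
}

# confirm_on_tty PROMPT ; succeeds only when a human types "yes" on the
# controlling terminal. Reading /dev/tty instead of stdin means a caller that
# pipes "yes" into the wrapper (an agent, a CI step) cannot self-approve, and
# a run with no terminal at all is refused rather than silently allowed.
confirm_on_tty() {
  printf '%s [type yes to continue] ' "$1" >&2
  if ! read -r answer 2>/dev/null < /dev/tty; then
    return 1
  fi
  [ "$answer" = "yes" ]
}

# run_guarded ARGS... ; returns 2 if a credential was found in argv,
# 3 if the action was not confirmed, otherwise the CLI's own exit status.
run_guarded() {
  case "$(classify_cmd "$@")" in
    secret-on-argv)
      echo "refusing: credential flag in argv; do not pass tokens or passwords as arguments" >&2
      return 2 ;;
    gated)
      if ! confirm_on_tty "LIVE workspace change: $OPERATELY_BIN $*"; then
        echo "not confirmed, nothing executed" >&2
        return 3
      fi ;;
  esac
  "$OPERATELY_BIN" "$@"
}
```

Install it as the only `operately` the agent can reach (for example, first on its PATH, with the real binary elsewhere) so that the agent cannot call the CLI directly; the gate is only as strong as the agent's inability to bypass it. The wrapper does not verify the active profile or base URL, because the page does not document how the CLI exposes them; do that check by hand before the first gated action.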

VirusTotal

65/65 vendors flagged this skill as clean. This verdict covers malware telemetry only; the agentic-risk findings above concern how the skill directs an agent's behaviour and are neither confirmed nor ruled out by an antivirus scan.