MOA-Debate

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only debate helper that runs a structured multi-agent debate, with scanner concerns tied to expected debate prompts rather than hidden access or harmful behavior.

Safe to install for structured debate preparation. Use it deliberately because a run can make many model calls and may cost time or tokens; avoid sensitive motions or confidential business material unless your LLM provider setup is appropriate for that data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 89%
Finding:
The activation criteria are very broad: phrases like 'stress-test an argument' or 'prepare for a formal debate' can match many ordinary reasoning or advisory requests. That increases the chance the skill activates unexpectedly and takes over the interaction flow, causing the agent to make multiple model calls, introduce random behavior, and transform a simple user request into a structured debate process the user did not intend.

Missing User Warnings

Medium
Confidence: 92%
Finding:
The document explicitly states that a typical run makes many LLM calls, which implies user-provided motion text and generated debate content may be transmitted repeatedly to external model providers. Without a clear warning, consent mechanism, or data-handling note, users may unknowingly submit sensitive or proprietary content into a multi-call pipeline, increasing privacy and compliance risk through repeated exposure.

VirusTotal

63/63 vendors flagged this skill as clean.
