Agentic Workflow System

Security checks across malware telemetry and agentic risk

Overview

This skill appears to set up a self-running task workflow that can keep changing workspace files with limited user visibility, so it should be reviewed before use.

Install only if you intentionally want an autonomous, heartbeat-driven task workflow in that workspace. Before using it, confirm exactly which files it creates or edits, how to pause or disable it, and how you will monitor what it does between user messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 87%

Finding: The trigger phrases "set up the task system" and "agentic workflow" are broad enough that the skill could activate in contexts where the user did not explicitly consent to installing a persistent autonomous workflow. Because activation leads directly to workspace changes and background-style behavior, unintended invocation can cause surprising file writes and ongoing agent actions.

Missing User Warnings

Severity: Medium
Confidence: 93%

Finding: These instructions tell the agent to create and modify workspace files automatically as part of setup, but they do not require notifying the user or obtaining explicit approval at the moment of change. That can lead to unauthorized persistence-like configuration changes in the user's workspace, especially if the skill is invoked indirectly or ambiguously.

Missing User Warnings

Severity: High
Confidence: 96%

Finding: The skill explicitly describes continuous background operation driven by heartbeats and task execution "without user intervention," yet it omits any warning about the risks of autonomous execution, silent operation, and persistent state management. In context, this is more dangerous because the workflow also instructs the agent to avoid messaging the user during normal operation, reducing transparency and making unintended actions harder to detect.

VirusTotal

65/65 vendors flagged this skill as clean.