skill-governance

Security checks across malware telemetry and agentic risk

Overview

This instruction-only governance skill is not malware, but it asks the agent to broadly control workflows, persist task records, and prepare sensitive summaries for external sync without clear user control.

Install only if you intentionally want a broad governance policy that can influence when work proceeds, which bundles are mounted, and what task records are stored. Before using it on confidential work, override the rules so the agent asks before writing memory files, syncing summaries externally, discarding data, or changing the installed skill set.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The skill uses broad keyword-based triggers to automatically mount bundles, which can activate capabilities based on ambiguous or incidental words rather than explicit user intent. In a governance kernel that orchestrates other skills, this increases the chance of unintended tool exposure, incorrect workflow execution, and downstream actions occurring without sufficient confirmation.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The protocol mandates automatic creation of archive files for every task without any user-facing consent, visibility, or data-minimization controls. This can persist sensitive operational, personal, or strategic data to disk by default, creating privacy, retention, and unauthorized-access risk even when the user did not intend long-term storage.

Vague Triggers

Severity: Medium
Confidence: 85%
Finding
The manifest description is extremely broad and positions the skill as a governance or kernel-level capability that manages cognition, context load, and delivery loops without clearly limiting when it should be invoked. In agent systems, overly broad routing metadata can cause the skill to be selected in many unrelated contexts, increasing the chance of privilege overreach, policy interference, or misuse of high-authority workflow behavior.

Ssd 3

Severity: Medium
Confidence: 96%
Finding
The skill requires both mandatory archival and external synchronization for financial, strategic, or major-decision tasks, explicitly pushing sensitive summaries beyond local context. In this governance/orchestration setting, that broad disclosure requirement is more dangerous because the affected tasks are likely to contain confidential business data, and the sync is described in plain-language summaries rather than tightly scoped secure records.

VirusTotal

64/64 vendors flagged this skill as clean.