War Room

Security checks across malware telemetry and agentic risk

Overview

The skill is a mostly coherent multi-agent planning tool, but it asks agents to keep waking themselves with cron and to proactively open generated files without clear user consent or stop limits.

Install only if you want a persistent multi-agent workflow that creates and updates local project files. Use it in a dedicated workspace, avoid putting secrets in briefs or DNA files, require explicit approval before scheduling cron follow-ups or opening files with OS viewers, and confirm you know how to view and cancel any scheduled jobs.
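The last piece of that advice, knowing how to view and cancel the skill's scheduled follow-ups, as an added shell example that is not part of the War Room skill or of the SkillSpector report. It assumes the skill schedules its re-entries in the invoking user's crontab and that each such entry carries a recognizable tag in its command (`war-room` here; that tag, the command names, and the sample crontab are all constructed for illustration, so adjust `WARROOM_TAG` to whatever the skill actually writes).

```shell
#!/bin/sh
# Added example: audit and remove an agent skill's cron follow-ups.
# Assumption: the skill's jobs live in the current user's crontab and their
# command line contains the tag below. Nothing here is the skill's own code.
WARROOM_TAG="${WARROOM_TAG:-war-room}"

# Constructed sample crontab: one backup job plus two skill follow-ups.
SAMPLE_CRONTAB='# user crontab (constructed sample)
MAILTO=ops@example.invalid
*/15 * * * * /usr/local/bin/war-room --resume /home/me/projects/x
0 2 * * * /usr/bin/backup.sh
30 * * * * /home/me/.local/bin/agent --skill war-room --poll'

# Print the schedule lines (from stdin) that belong to the skill:
# skip comment lines, keep lines whose command mentions the tag.
list_skill_jobs() {
    grep -v '^[[:space:]]*#' | grep -F -- "$WARROOM_TAG" || true
}

# Print the crontab (from stdin) with the skill's jobs removed; comments,
# variable assignments and unrelated jobs are passed through unchanged.
strip_skill_jobs() {
    awk -v tag="$WARROOM_TAG" '
        /^[[:space:]]*#/ { print; next }   # keep comments verbatim
        index($0, tag) == 0 { print }      # keep anything not tagged
    '
}

# Count the skill's jobs in a crontab read from stdin.
count_skill_jobs() {
    list_skill_jobs | grep -c . || true
}

# Review what the skill has scheduled for the current user.
show_scheduled() {
    crontab -l 2>/dev/null | list_skill_jobs
}

# Cancel the skill's jobs only, after saving a full backup of the crontab.
cancel_scheduled() {
    backup="$HOME/crontab.backup.$(date +%s)"
    crontab -l > "$backup" 2>/dev/null || : > "$backup"
    strip_skill_jobs < "$backup" | crontab -
    echo "removed $(count_skill_jobs < "$backup") job(s); backup at $backup"
}

# Demo on the constructed sample; show_scheduled/cancel_scheduled act on
# the live crontab and are left for the operator to call deliberately.
echo "skill jobs in sample:"
printf '%s\n' "$SAMPLE_CRONTAB" | list_skill_jobs
```

Run `show_scheduled` after the skill has been active to see what it queued, and `cancel_scheduled` to remove just those entries; the backup lets you restore the previous crontab with `crontab "$backup"` if the tag matched more than intended.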

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch
Medium (94% confidence)

This section broadens the skill from planning into concrete execution such as scaffolding projects, creating task boards, building landing pages, and conducting research. That scope expansion increases the chance the skill will be triggered for high-impact actions without clear user intent or appropriate guardrails.

Context-Inappropriate Capability
Medium (96% confidence)

The continuity protocol introduces autonomous cron-based re-entry and repeated polling behavior for a skill whose declared purpose is brainstorming and coordination. Even if implemented through an authorized API, unattended scheduling materially increases persistence and autonomy, which can surprise operators and amplify mistakes over time.

Context-Inappropriate Capability
Low (81% confidence)

Launching files through OS-level viewers is not inherently malicious, but it crosses from document generation into host interaction. In a multi-agent skill, that extra capability can create unnecessary side effects, especially if artifact paths or file types are not tightly constrained.

Intent-Code Divergence
Low (87% confidence)

Reframing the skill as a pipeline to build and ship products materially changes its risk profile from advisory to action-oriented. Users selecting a brainstorming tool may not anticipate downstream execution behavior, which undermines safe scoping and permission boundaries.

Vague Triggers
Medium (90% confidence)

The activation language is broad enough to match many ordinary requests involving brainstorming, review, strategy, or complex problems across nearly any domain. Over-broad routing increases the likelihood that this powerful, multi-agent skill is selected when a simpler, lower-privilege workflow would be safer.

VirusTotal

64/64 vendors rated this skill as clean; no vendor flagged it.
