AI Business Hierarchies - Autonomous Agent Companies

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it asks users to enable persistent autonomous business agents and reporting with weak boundaries around sensitive business actions and session history.

Install only if you intentionally want persistent business-agent automation. Before running the scripts, inspect the generated cron entries, treat reports as sensitive, avoid putting credentials or confidential records in agent sessions, and keep agents approval-gated for outreach, sales, HR, accounting, onboarding, or any action that changes real business data or contacts real people.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 96%
Finding:
The skill advertises and demonstrates shell-capable operations such as mkdir, cp, cron setup, and agent/session management, but it does not declare corresponding permissions or safety boundaries. This creates a trust gap where a user may invoke filesystem or scheduling changes without clear consent, review points, or least-privilege controls.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 98%
Finding:
The skill's description promises safe-seeming high-level business automation, but the documented behavior includes persistence mechanisms like cron installation, file modification under the user's home directory, and session/history inspection. This mismatch is dangerous because users may authorize or trust the skill under a broader business-automation framing without realizing it can create scheduled tasks, alter local state, and access operational data.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The README instructs users to run a script that configures cron jobs but does not disclose that this creates persistent background execution and modifies the host's scheduled tasks. In a skill centered on autonomous, always-on agents, undisclosed persistence materially increases risk because users may enable recurring execution without understanding resource usage, data processing cadence, or how to disable it.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The skill encourages autonomous reporting, workflow updates, and self-healing behavior without warning about the consequences of unattended changes to business processes, files, or schedules. In the context of an always-on multi-agent system, silent automated modifications can cause data leakage, service disruption, runaway task execution, or policy violations if agents act on incomplete or incorrect assumptions.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The generated cron-executed report script collects recent agent session history and writes it to persistent markdown files under the business directory without any consent, redaction, retention control, or warning. Session history can contain prompts, internal reasoning artifacts, credentials, proprietary business data, or other sensitive operational content, so silently persisting it materially increases the chance of data exposure.
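The report script this finding describes persists raw session text. The following POSIX shell functions are an added example, written for this page and not taken from the skill: they redact the most recognisable secret formats from a session dump before it is written, create the report directory owner-only, and prune old reports so there is a retention bound. The secret patterns (AWS access key IDs, `sk-` and `ghp_` style API tokens, `Bearer` headers, `password=`/`token:` style pairs) are illustrative assumptions, not a complete list; anything the skill writes that does not match them still reaches the file, so review the output before trusting it.

```shell
#!/bin/sh
# Added example (not the skill's own report script): redact obvious secrets
# from agent session history before persisting it, and keep the persisted
# reports private and time-bounded. The regexes are illustrative assumptions.

# Read session text on stdin, write redacted text on stdout.
# Each -e expression runs in order on every line.
redact_session() {
    sed -E \
        -e 's/AKIA[0-9A-Z]{16}/[REDACTED_AWS_KEY]/g' \
        -e 's/sk-[A-Za-z0-9_-]{8,}/[REDACTED_API_KEY]/g' \
        -e 's/ghp_[A-Za-z0-9]{20,}/[REDACTED_GITHUB_TOKEN]/g' \
        -e 's/(Bearer[[:space:]]+)[A-Za-z0-9._-]+/\1[REDACTED_TOKEN]/g' \
        -e 's/(([Pp]assw(or)?d|[Ss]ecret|[Tt]oken|[Aa]pi_?[Kk]ey)[[:space:]]*[=:][[:space:]]*)[^[:space:]]+/\1[REDACTED]/g'
}

# Write the redacted contents of session file $1 into a dated markdown report
# under directory $2. Directory is 0700 and the file 0600 (umask 077), so
# other local accounts cannot read what the agent saw. Prints the report path.
write_report() {
    src=$1
    dir=$2
    umask 077
    mkdir -p "$dir"
    chmod 700 "$dir"
    out="$dir/report-$(date +%Y-%m-%d).md"
    {
        echo "# Agent session report (redacted)"
        echo
        redact_session < "$src"
    } > "$out"
    printf '%s\n' "$out"
}

# Retention control: delete reports under $1 older than $2 days.
prune_reports() {
    find "$1" -type f -name 'report-*.md' -mtime +"$2" -exec rm -f {} +
}
```

Run it as `write_report ~/.business/agent/session.txt ~/.business/reports` from the cron job instead of copying the session file verbatim, and schedule `prune_reports ~/.business/reports 30` alongside it. Redaction is a safety net, not a substitute for keeping credentials out of agent sessions in the first place, which is what the overview above recommends.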

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding:
The script modifies the user's crontab immediately, creating persistent scheduled execution without an explicit confirmation step. In a skill designed to run autonomous businesses 24/7, silently installing persistence is more security-sensitive than in a normal utility because it establishes recurring execution that may continue collecting data or running other scripts after the initial setup.
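This finding and the earlier one on undisclosed persistence both come down to the same missing control: the crontab is changed without the user seeing the proposed entry, approving it, or being told how to remove it. The POSIX shell functions below are an added example written for this page, not the skill's install script. They compute the crontab that would result, show it as a diff, install only when the caller sets `CONFIRM=yes`, and give a way to list and strip every entry that points at the business directory. `BUSINESS_DIR` and the sample cron line are hypothetical.

```shell
#!/bin/sh
# Added example (not the skill's own install script): approval-gated crontab
# changes plus audit/removal helpers. Directory and entry below are assumptions.
BUSINESS_DIR="$HOME/.business"
PROPOSED_ENTRY="0 * * * * $BUSINESS_DIR/bin/report.sh"

# Print the lines of crontab dump $1 that reference directory $2 (audit view).
find_entries_for_dir() {
    printf '%s\n' "$1" | grep -F -- "$2" || true
}

# Print crontab dump $1 with every line referencing directory $2 removed.
remove_entries_for_dir() {
    printf '%s\n' "$1" | grep -Fv -- "$2" || true
}

# Print the crontab that would result from adding line $2 to dump $1.
# Idempotent: an entry already present is not duplicated. Installs nothing.
propose_crontab() {
    current=$1
    entry=$2
    if [ -z "$current" ]; then
        printf '%s\n' "$entry"
    elif printf '%s\n' "$current" | grep -Fqx -- "$entry"; then
        printf '%s\n' "$current"
    else
        printf '%s\n%s\n' "$current" "$entry"
    fi
}

# Show the change as a unified diff and install it only with CONFIRM=yes.
# Returns 1 (and leaves the crontab untouched) otherwise.
install_with_approval() {
    current=$(crontab -l 2>/dev/null || true)
    proposed=$(propose_crontab "$current" "$1")
    before=$(mktemp) && after=$(mktemp)
    printf '%s\n' "$current" > "$before"
    printf '%s\n' "$proposed" > "$after"
    diff -u "$before" "$after" || true
    rm -f "$before" "$after"
    if [ "${CONFIRM:-no}" = "yes" ]; then
        printf '%s\n' "$proposed" | crontab -
        return 0
    fi
    echo "Not installed. Re-run with CONFIRM=yes to accept the change shown above." >&2
    return 1
}

# Disable: rewrite the crontab without any entry that points at the business dir.
uninstall_business_entries() {
    current=$(crontab -l 2>/dev/null || true)
    remove_entries_for_dir "$current" "$BUSINESS_DIR" | crontab -
}
```

Typical use is `install_with_approval "$PROPOSED_ENTRY"` once to review, then `CONFIRM=yes install_with_approval "$PROPOSED_ENTRY"` to accept, and `uninstall_business_entries` to turn the automation off. Running `find_entries_for_dir "$(crontab -l)" "$HOME/.business"` after installing the skill shows exactly which scheduled entries it added, which is the inspection step the overview asks for.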

VirusTotal

66/66 vendors flagged this skill as clean.
