The Agent Production Hardening Guide

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill, but its examples can run live GreenHelix operations with a read/write API key despite sandbox-only framing.

Review before installing or following the code. Treat the snippets as live templates, use only a sandbox or least-privilege GreenHelix key, and require explicit human approval before running examples that change budgets, register webhooks, write ledger records, publish events, send messages, or create escrows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Severity: Medium
Confidence: 98%

Finding: The skill metadata and introductory notice claim the content is a non-executable educational guide, but later sections include copy-pastable runnable code that reads environment credentials and performs authenticated GreenHelix operations. This mismatch is dangerous because users and automated systems may lower their guard based on the declared non-executable nature, then unknowingly run code capable of modifying budgets, registering webhooks, publishing events, sending messages, or creating escrows.

Intent-Code Divergence

Severity: Medium
Confidence: 95%

Finding: The document states that no API key is required to get started, while elsewhere it includes working implementations that require GREENHELIX_API_KEY and make authenticated calls. This inconsistency can trick operators into trusting or executing the guide under the assumption that it is sandbox-only, increasing the likelihood of accidental credential use and live side effects.

VirusTotal

66/66 vendors flagged this skill as clean.