The Agent SaaS Factory: Build, Deploy, and Monetize Software Products with Autonomous AI Agents

Security checks across malware telemetry and agentic risk

Overview

This guide installs nothing by itself, but its ready-to-run examples can make real changes to code, databases, billing, and disputes, and some of its safety claims and defaults are inconsistent with the code it ships.

Install only if you are comfortable reviewing and rewriting the examples before use. Run them with sandbox/test accounts, least-privilege API keys, non-production databases, Stripe test mode, explicit spending limits, feature branches, and human approval before any repository write, SQL mutation, billing action, or dispute resolution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium, 95% confidence
Finding
The guide’s security section says agents should never write directly to protected branches, but the actual helper methods default to branch='main' and the factory writes files without invoking branch protection. In an autonomous workflow, that inconsistency can let an agent bypass review gates and push unsafe or malicious changes straight into production code.

Intent-Code Divergence

Medium, 96% confidence
Finding
The document claims AgentDBA enforces parameterization, but the implementation accepts arbitrary SQL strings and exposes execute_query for unrestricted DDL/DML. That mismatch can cause users to trust the wrapper as safe while still permitting injection, destructive queries, or schema tampering if any user-controlled input reaches these methods.

Intent-Code Divergence

Low, 83% confidence
Finding
The introductory notice says the guide does not execute code, yet it includes concrete client implementations that perform live HTTP POSTs and examples that load credentials from the environment. That can mislead users into running examples against real external systems under the assumption they are inert or purely illustrative.

Missing User Warnings

Medium, 87% confidence
Finding
This guide provides autonomous workflows for creating repositories, modifying databases, and configuring billing, but it lacks a prominent up-front warning that examples can trigger real external side effects. In this skill context, that omission increases the chance of accidental operational or financial impact when a user or agent copies the examples directly.

VirusTotal

64/64 vendors flagged this skill as clean.