Agent Orchestrator

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a multi-agent orchestrator that can create local workspaces and send task data to a third-party AI API, but the provided artifacts do not clearly bound or disclose those data flows.

Install only if you intend to use a network-backed multi-agent orchestrator. Use it in a dedicated workspace, avoid feeding it secrets or regulated data, set SKILLBOSS_API_KEY only for sessions that need it, and require explicit review before any generated sub-agent sends prompts, files, scraped content, or datasets to the external API.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (12)

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding
The skill expands beyond orchestration by directing sub-agents to use an external AI service and an API key from the environment. In an orchestrator that can dynamically generate sub-agents and prompts, this creates a real risk of unnecessary data exposure and capability creep, because arbitrary task content may be sent to a third-party backend without clear scoping or consent.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The mandatory trigger list is very broad and overlaps with common planning and delegation language, which increases the chance that the skill activates in contexts where the user did not intend multi-agent orchestration. Because this skill can create files, spawn sub-agents, and initiate downstream actions, accidental activation materially increases risk.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The skill instructs creation of agent workspaces, generated SKILL.md files, inbox/outbox directories, and later cleanup/archive behavior without an explicit warning or confirmation boundary. In practice, that means the skill may alter the filesystem in bulk and generate executable instructions for sub-agents, which is risky if triggered unexpectedly or run in a sensitive workspace.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The documented use of a networked AI backend lacks a clear privacy notice about what prompts, documents, or task artifacts may be transmitted off-host. Since the orchestrator manages sub-agents and file-based workflows, it may cause broad project data to be sent externally, making the absence of a transmission warning a meaningful security and privacy issue.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The Research Agent template explicitly sends search queries, scraped URLs/content, and chat prompts to an external API, but the template does not warn users that task data may leave the local environment. In an agent-orchestration context, sub-agents may be dynamically created and fed arbitrary task/context files, which increases the chance that sensitive project data is transmitted without informed consent or filtering.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The Analysis Agent template sends input data directly to an external LLM API for analysis without any user-facing warning that local data may be exfiltrated to a third party. Because this orchestrator spawns autonomous sub-agents that may process inbox/data files, the template could cause bulk transmission of sensitive datasets, making the risk more severe than ordinary external API use.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
SKILLBOSS_API_KEY = os.environ["SKILLBOSS_API_KEY"]

def pilot(body):
    r = requests.post(
        "https://api.heybossai.com/v1/pilot",
        headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
        json=body, timeout=60,
Confidence: 88%
Finding
requests.post( "https://

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
SKILLBOSS_API_KEY = os.environ["SKILLBOSS_API_KEY"]

def pilot(body):
    r = requests.post(
        "https://api.heybossai.com/v1/pilot",
        headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
        json=body, timeout=60,
Confidence: 91%
Finding
requests.post( "https://

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
SKILLBOSS_API_KEY = os.environ["SKILLBOSS_API_KEY"]

def pilot(body):
    r = requests.post(
        "https://api.heybossai.com/v1/pilot",
        headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
        json=body, timeout=60,
Confidence: 88%
Finding
requests.post( "https://api.heybossai.com/v1/pilot", headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"}, json=

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
SKILLBOSS_API_KEY = os.environ["SKILLBOSS_API_KEY"]

def pilot(body):
    r = requests.post(
        "https://api.heybossai.com/v1/pilot",
        headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
        json=body, timeout=60,
Confidence: 91%
Finding
requests.post( "https://api.heybossai.com/v1/pilot", headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"}, json=

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
def pilot(body):
    r = requests.post(
        "https://api.heybossai.com/v1/pilot",
        headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
        json=body, timeout=60,
    )
Confidence: 85%
Finding
https://api.heybossai.com/

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
def pilot(body):
    r = requests.post(
        "https://api.heybossai.com/v1/pilot",
        headers={"Authorization": f"Bearer {SKILLBOSS_API_KEY}", "Content-Type": "application/json"},
        json=body, timeout=60,
    )
Confidence: 89%
Finding
https://api.heybossai.com/
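The following is an added example, not the skill's code and not one of this report's findings. It shows one way to put the explicit-review boundary recommended in the Overview around the pilot() call quoted in the External Transmission findings above. From those excerpts it takes only that the skill posts a JSON body to https://api.heybossai.com/v1/pilot with a bearer token read from SKILLBOSS_API_KEY. The EgressPolicy class, the secret patterns, the field whitelist, the byte cap and the injectable transport are illustrative choices made here; nothing in the skill defines them.

```python
import json
import os
import re
from dataclasses import dataclass, field

# URL and env var name are taken from the skill's own excerpts quoted above.
PILOT_URL = "https://api.heybossai.com/v1/pilot"
API_KEY_ENV = "SKILLBOSS_API_KEY"

# Constructed for this example: patterns that look like credentials. Extend
# them to match whatever your workspace actually holds.
SECRET_PATTERNS = [
    re.compile(r"(?i)\b(api[_-]?key|secret|token|password)\s*[=:]\s*\S+"),
    re.compile(r"\bsk-[A-Za-z0-9]{20,}\b"),            # OpenAI-style keys
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),               # AWS access key IDs
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
]


class EgressBlocked(Exception):
    """Raised when a payload may not leave the host under the current policy."""


@dataclass
class EgressPolicy:
    """Hypothetical per-session policy; the skill defines nothing like it."""
    approved: bool = False                 # explicit review required; off by default
    max_bytes: int = 16_000                # bulk datasets trip this before they leave
    allowed_keys: frozenset = frozenset({"prompt", "query", "task"})
    audit: list = field(default_factory=list)


def find_secrets(text):
    """Return secret-like fragments found in text ([] if none)."""
    return [m.group(0) for p in SECRET_PATTERNS for m in p.finditer(text)]


def egress_check(body, policy):
    """Return the reason a body must not be sent, or None if policy allows it."""
    if not policy.approved:
        return "external call not approved; review the payload first"
    extra = set(body) - set(policy.allowed_keys)
    if extra:
        return f"unexpected fields would leave the host: {sorted(extra)}"
    payload = json.dumps(body)
    size = len(payload.encode("utf-8"))
    if size > policy.max_bytes:
        return f"payload is {size} bytes, cap is {policy.max_bytes}"
    hits = find_secrets(payload)
    if hits:
        return f"payload contains secret-like material: {hits}"
    return None


def gated_pilot(body, policy, transport=None, api_key=None):
    """Drop-in for the skill's pilot(body) that enforces egress_check first.

    The outbound call goes through transport(url, headers, payload) when one
    is given, so dry runs and tests never reach the network; with no transport
    it performs the same requests.post the skill's excerpt shows.
    """
    reason = egress_check(body, policy)
    if reason:
        raise EgressBlocked(reason)
    api_key = api_key or os.environ.get(API_KEY_ENV)
    if not api_key:
        raise EgressBlocked(f"{API_KEY_ENV} is not set for this session")
    payload = json.dumps(body)
    headers = {"Authorization": f"Bearer {api_key}",
               "Content-Type": "application/json"}
    # Record what is about to leave the host before it does.
    policy.audit.append({"url": PILOT_URL, "bytes": len(payload), "keys": sorted(body)})
    if transport is not None:
        return transport(PILOT_URL, headers, payload)
    import requests  # only needed on the live path
    r = requests.post(PILOT_URL, headers=headers, data=payload, timeout=60)
    r.raise_for_status()
    return r.json()


def dry_run_transport(url, headers, payload):
    """Stand-in for requests.post that records the call instead of sending it."""
    return {"url": url, "auth_scheme": headers["Authorization"].split()[0],
            "bytes": len(payload)}


if __name__ == "__main__":
    policy = EgressPolicy(approved=True)
    # "example-key" is a constructed placeholder, never a real credential.
    print(gated_pilot({"prompt": "summarise inbox/task-01.md"}, policy,
                      dry_run_transport, api_key="example-key"))
    for bad in ({"prompt": "db password=hunter2"},
                {"prompt": "x", "dataset": "rows"}):
        try:
            gated_pilot(bad, policy, dry_run_transport, api_key="example-key")
        except EgressBlocked as e:
            print("blocked:", e)
```

Run stand-alone it only performs a dry run. To apply it to a generated sub-agent, replace the template's pilot() with gated_pilot and flip policy.approved only after a person has looked at the payload; the audit list is what you hand to that reviewer, and it is also the first thing to check when a sub-agent's inbox contents turn up somewhere they should not be.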

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal