ClawHub

Cord Trees

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate multi-agent orchestration skill, but it can spawn subagents, reuse their outputs, and keep updating local state with too few built-in limits.

Install only if you intentionally want autonomous multi-agent task-tree orchestration. Before using it, set explicit limits for subagent count, runtime, retries, file locations, and approval checkpoints, and avoid running it over secrets or sensitive work unless you are comfortable with results being stored in cord-state.json and reused in later prompts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases are extremely broad and map to common user requests like 'figure out how to do X' or 'decompose this task', which can cause the skill to activate in many unrelated contexts. Because this skill can spawn subagents and write orchestration state, overbroad activation increases the chance of unintended autonomous execution and local state modification without the user explicitly opting into this orchestration pattern.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill directs the agent to persist and repeatedly update a local `cord-state.json` file and to coordinate spawned sessions, but it does not clearly warn the user that local files will be created or modified. In context, this matters because the skill is designed for dynamic, runtime restructuring and iterative polling, so it can produce ongoing filesystem changes as part of autonomous orchestration that the user may not expect.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The code retrieves subagent session history and propagates prior results into new prompts, which can expose sensitive information across task boundaries and contexts. In this skill, dynamic orchestration and fork-based context inheritance increase the chance of over-sharing data between subagents or into prompts that do not need the full prior output.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal