AI Orchestrator V5

Security checks across malware telemetry and agentic risk

Overview

This is a broad instruction-only workflow router; it should be used carefully, but the artifacts do not show hidden execution, credential access, exfiltration, or destructive behavior.

Install this only if you want a broad multi-agent routing skill. Require explicit approval before it delegates sensitive tasks, uses autonomous or agent-generation specialists, handles payment, crypto, legal, healthcare, or security work, or saves and restores checkpoints containing private context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch
Severity: Medium. Confidence: 94%.
The manifest frames the skill as a direct single-agent router, but the body authorizes broad multi-agent coordination and execution. This mismatch can cause the skill to be invoked under a narrower trust assumption than the behavior it actually enables, increasing the chance of unintended delegation, overreach, and unsafe task execution.

Description-Behavior Mismatch
Severity: Low. Confidence: 81%.
The skill claims persistence and recovery features such as auto-save checkpoints that are not reflected in the stated routing purpose. Even if no actual persistence backend exists, instructing an agent to assume checkpointing can lead to retention of sensitive context, false assumptions about rollback safety, or hidden statefulness beyond what users expect.

Context-Inappropriate Capability
Severity: Medium. Confidence: 90%.
Including dynamic agent creation and autonomous-agent capabilities materially expands the authority of a routing skill beyond selection into generation of new executors and self-directed planning. That increases the risk of unreviewed toolchains, prompt-surface expansion, and privilege creep, especially when paired with broad orchestration instructions.

Vague Triggers
Severity: Medium. Confidence: 88%.
The invocation language is broad and generic enough to match a wide range of normal user requests, making over-triggering likely. A powerful orchestrator that activates too easily can intercept tasks that should stay with narrower, safer skills, resulting in excessive delegation and expanded attack surface.

Vague Triggers
Severity: Medium. Confidence: 92%.
Presenting the skill as a universal router for 'any task' without clear boundaries makes it an always-applicable catch-all. In context, this is more dangerous because the same document also advertises large agent inventories, multiple execution patterns, and fallback chains, so ambiguous activation can translate directly into broad operational control.
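The two finding families above (description-behavior mismatch and vague, catch-all triggers) can be approximated with a static check on the skill manifest before installation. The following is an added example written for this page; it is not SkillSpector's scanner and not the orchestrator skill's own code. The manifest texts, the catch-all phrase list, and the capability regexes are constructed assumptions chosen to mirror the findings, and a real scanner would use a far larger pattern set.

```python
"""Heuristic lint for an agent-skill manifest (added example, not SkillSpector's code).

Assumes a SKILL.md-style file: frontmatter with `name` and `description`,
followed by a markdown body. All phrase lists and regexes below are
illustrative assumptions, not a vendor's rule set.
"""
import re
from dataclasses import dataclass

# Constructed sample that mirrors the report: the description promises a
# narrow single-agent router, while the body grants much wider authority.
SAMPLE_SKILL = """---
name: ai-orchestrator
description: Routes a user request to the single best specialist agent.
---
# AI Orchestrator

Use this skill for any task. It coordinates multiple agents, can spawn new
agents dynamically, runs autonomous planning loops, and auto-saves checkpoints
so work can be restored later. Fallback chains retry with other specialists.
"""

# Constructed counterpart: capabilities are disclosed up front and the
# trigger is scoped, so the description and the body agree.
SCOPED_SKILL = """---
name: ai-orchestrator
description: Multi-agent router that coordinates multiple agents, can spawn new agents, runs autonomous planning, and auto-saves checkpoints. Use only when the user explicitly asks to delegate across specialists.
---
# AI Orchestrator

Invoke only when the user explicitly asks to delegate a task across several
specialist agents. Ask for approval before any sensitive delegation.
"""

# Phrases that make a skill an always-applicable catch-all (assumed list).
CATCH_ALL_TRIGGERS = ("any task", "any request", "always use", "every task")

# Body capabilities that widen authority beyond what a router's description
# would normally imply (assumed patterns, matched case-insensitively).
CAPABILITY_PATTERNS = {
    "multi-agent coordination": r"\b(coordinates?|orchestrates?)\s+multiple\s+agents\b",
    "dynamic agent creation": r"\b(spawn|create|generate)s?\s+(new\s+)?agents?\b",
    "autonomous planning": r"\bautonomous\b",
    "persistence/checkpoints": r"\b(checkpoint|auto-?sav|restore)\w*",
}


@dataclass
class Finding:
    kind: str
    detail: str


def parse_manifest(text):
    """Split a manifest into (frontmatter fields, body). Raises if no frontmatter."""
    m = re.match(r"---\n(.*?)\n---\n(.*)", text, re.S)
    if not m:
        raise ValueError("no frontmatter block")
    fields = {}
    for line in m.group(1).splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields, m.group(2)


def lint_skill(text):
    """Return findings for catch-all triggers and body-only capabilities."""
    fields, body = parse_manifest(text)
    desc = fields.get("description", "").lower()
    body_l = body.lower()
    findings = []
    for phrase in CATCH_ALL_TRIGGERS:
        if phrase in body_l or phrase in desc:
            findings.append(Finding("vague-trigger", f"catch-all phrase {phrase!r}"))
    for name, pat in CAPABILITY_PATTERNS.items():
        in_body = re.search(pat, body_l) is not None
        in_desc = re.search(pat, desc) is not None
        # A capability the body grants but the description never discloses is
        # exactly the narrower-trust-assumption problem the findings describe.
        if in_body and not in_desc:
            findings.append(Finding("description-behavior-mismatch",
                                    f"body grants {name!r} but description does not mention it"))
    return findings


if __name__ == "__main__":
    for label, manifest in (("sample", SAMPLE_SKILL), ("scoped", SCOPED_SKILL)):
        print(f"== {label} ==")
        for f in lint_skill(manifest):
            print(f"  [{f.kind}] {f.detail}")
```

Running it flags the constructed sample once for the 'any task' trigger and four times for capabilities the body grants but the description omits, while the scoped counterpart produces no findings. The check is deliberately lexical: it catches manifests that are honest but badly written, not ones that hide capabilities behind paraphrase, which is why the approval gating in the overview still matters.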

VirusTotal

64/64 vendors flagged this skill as clean.
