autonomy-gate

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only autonomy policy, but it can authorize external messages, deployment/service actions, and persistent self-governance logs without enough concrete boundaries.

Install only if you want this as an advisory governance policy and can keep final authority with the operator. Before enabling it in an agent with real external tools, define exact approved channels and templates, require explicit approval for level changes, service shutdowns, deployments, and spending, and decide where logs are stored, redacted, and deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns checked
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Finding 1: Vague Triggers
Severity: Medium
Confidence: 91%

The trigger conditions are broad and ambiguous, including generic phrases like '자율성' (autonomy), '권한 체크' (permission check), '레벨 확인' (level check), and "any external action". This can cause the skill to activate in unintended contexts and inject governance logic into unrelated workflows, increasing the chance of unauthorized file updates, logging, or blocking/allowing actions without clear user intent.

Finding 2: Missing User Warnings
Severity: Medium
Confidence: 95%

The skill instructs periodic updates to references/state.json and creation of review files under memory/ without warning the user that persistent local data will be modified. This creates a covert statefulness risk: the agent may write governance history and self-assessments to disk automatically, which can surprise users, leak sensitive operational context, or tamper with local state relied on by other automation.

Finding 3: Missing User Warnings
Severity: Medium
Confidence: 94%

The mandatory action-log step records metadata about external actions to references/action-log.jsonl without notifying the user that persistent logging occurs. Persistent activity logs can expose sensitive communication history, targets, or operational patterns, especially in a skill explicitly governing outbound actions such as DM, SNS, email, and deployment.

VirusTotal

65/65 vendors flagged this skill as clean.
