GLM Swarm

Security checks across malware telemetry and agentic risk

Overview

This multi-agent helper is not clearly malicious, but it needs review because it can spawn workers, write task data locally, and run cleanup/deploy-style workflows without tight guardrails.

Install only if you intentionally want a skill that can coordinate multiple subagents and write local task files. Avoid using it with sensitive data until task-result retention, /tmp scratchpad permissions, task ID validation, and cleanup behavior are tightened. Treat any code changes or deployment steps as manual-approval-only workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers
Severity: Medium. Confidence: 95%.

Finding: Pattern A uses very broad natural-language triggers such as 'check and do' or 'investigate and execute', which can easily match ordinary user requests rather than an explicit orchestration request. In a swarm harness, this can cause unintended decomposition into multiple workers and potentially expand tool use or side effects beyond what the user clearly authorized.

Vague Triggers
Severity: Medium. Confidence: 94%.

Finding: Pattern B's trigger phrases like 'check here and there' or 'gather everything and summarize' lack scope boundaries and are common in benign conversation. Because this skill is specifically a parallel harness, vague activation criteria raise the chance of unnecessary multi-source collection, which can widen data access and tool execution beyond the minimum needed.

Vague Triggers
Severity: Medium. Confidence: 96%.

Finding: Pattern C includes generic phrases like 'do them all' and 'one by one', which are common conversational expressions and not reliable indicators that broad parallelization is intended. In an automation context, this can accidentally fan out repeated actions across many items, increasing the risk of mass unintended operations.

Vague Triggers
Severity: Medium. Confidence: 93%.

Finding: Pattern D trigger phrases like 'analyze this' or 'what do you think' overlap heavily with normal chat requests and do not clearly imply multi-stage collection, analysis, and recommendation workflows. This ambiguity can cause the harness to over-orchestrate simple analytical conversations into broader data gathering and action planning than intended.

Vague Triggers
Severity: Medium. Confidence: 95%.

Finding: Pattern E binds generic edit and deployment phrases such as 'fix', 'update', and 'deploy' to a code-change workflow, which can over-match common requests. Because this pattern leads toward file modification and deployment behavior, accidental activation has higher consequences than the earlier read-oriented patterns.

Missing User Warnings
Severity: High. Confidence: 97%.

Finding: The code-work pattern describes a verify-modify-validate-deploy sequence but does not include strong warnings, approval checkpoints, rollback requirements, or environment restrictions around making changes and deploying them. In the context of a swarm/orchestration skill, this is dangerous because it normalizes potentially destructive actions without clearly constraining when those actions are safe or authorized.

VirusTotal

66/66 vendors flagged this skill as clean.