ClawHub

Agent Comm Monitor

Security checks across malware telemetry and agentic risk

Overview

The skill appears intended for agent communication checks, but it can send cross-agent messages and persist operational notes without clear user approval.

Install only if you are comfortable with the skill contacting other agents and writing persistent operational notes. Before use, narrow when it activates, require confirmation before sending any cross-agent message, and review or disable writes to MEMORY.md and HEARTBEAT.md unless you want that state retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger conditions are broad enough to activate on ordinary requests about communication status, which can cause the skill to run cross-agent checks when the user did not clearly request those actions. In this skill, activation leads to sending messages to other agents, so overbroad matching increases the risk of unintended side effects and unnecessary disclosure across agent boundaries.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to write anomaly information to MEMORY.md and HEARTBEAT.md without notifying the user that persistent files will be modified. This creates a hidden state change that may store operational details or user-related context beyond the current session, which is risky because it is silent, durable, and not clearly consented to.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill directs the agent to send messages to other agents as part of a communication test but does not warn about cross-agent data disclosure or require user approval. Even though the test message is templated, the action establishes agent-to-agent transmission behavior that could expose contextual information such as timing, identifiers, or future user-derived content if reused more broadly.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal