Agent Harness Doctor

Security checks across malware telemetry and agentic risk

Overview

This skill mostly does what it says, but a diagnostic tool labeled read-only can still make persistent changes to agent instruction files.

Use diagnostic mode with an empty fix_apply list if you only want a report. Before applying fixes, review or back up AGENTS.md and agent-progress.json, and treat harness_check as write-capable whenever fix_apply is provided.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
89% confidence
Finding
The skill explicitly supports auto-applying fixes that create or modify workspace files such as agent-progress.json, AGENTS.md, and CLAUDE.md, but the user-facing description does not give a clear, prominent warning that invoking these actions will directly change local files. This increases the risk of unintended or overly broad modifications, especially because the changes affect agent instruction files and persistent state used by later runs.

Missing User Warnings

Medium
95% confidence
Finding
The script can modify workspace files automatically by honoring user-supplied fix IDs during `harness_check` and by exposing `apply_fix`, but it does not present any interactive confirmation, dry-run output, or explicit warning before writing to `AGENTS.md` or `agent-progress.json`. In an agent skill context, this is more dangerous because the tool is explicitly designed to auto-apply fixes inside the current repository, so a caller or higher-level agent could trigger persistent changes without the human clearly understanding what will be edited.

VirusTotal

63/63 vendors flagged this skill as clean.
