ClawHub

AutoResearchClaw Integration

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-aligned but needs review because a simple research request can install external code and run an autonomous code-generating pipeline with limited user checkpoints.

Install only if you are comfortable with an agent downloading and running an external research toolchain. Review or pin the GitHub repository first, run it in an isolated environment, avoid `--auto-approve` for sensitive work, provide API keys only through environment variables or a secret manager, and leave cron, memory, messaging, sub-session spawning, and lesson-to-skill features disabled unless you explicitly need them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill advertises very broad trigger phrases such as generic requests to research, analyze, or write a paper, which can cause it to activate for common user intents without clear boundaries. In this skill, overbroad activation is risky because activation leads directly into installation, configuration, network access, code generation, and autonomous execution steps.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to clone software, install dependencies, configure external LLM access, perform web-backed research, and generate/run experimental code, but it does not present a prominent upfront warning about system changes, outbound data flows, costs, or privacy implications. That omission is dangerous because users may unknowingly authorize package installation, API-key use, network transmission, and autonomous execution with side effects.

External Transmission

Medium
Category
Data Exfiltration
Content
```yaml
llm:
  provider: "openai-compatible"
  base_url: "https://api.openai.com/v1"
  api_key_env: "OPENAI_API_KEY"  # or ask for key
  primary_model: "gpt-4o"
  fallback_models: ["gpt-4o-mini"]
Confidence
81% confidence
Finding
https://api.openai.com/

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
3. Copy `config.researchclaw.example.yaml` → `config.arc.yaml`
4. Ask user for LLM provider choice (OpenAI-compatible or ACP agent)
5. Configure with API keys or ACP agent selection
6. Run: `researchclaw run --topic "[topic]" --auto-approve`
7. Monitor progress, return results from `artifacts/rc-*/deliverables/`

### Configuration
Confidence
93% confidence
Finding
auto-approve

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
3. Copy `config.researchclaw.example.yaml` → `config.arc.yaml`
4. Ask user for LLM provider choice (OpenAI-compatible or ACP agent)
5. Configure with API keys or ACP agent selection
6. Run: `researchclaw run --topic "[topic]" --auto-approve`
7. Monitor progress, return results from `artifacts/rc-*/deliverables/`

### Configuration
Confidence
93% confidence
Finding
--auto-approve

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal