Clawsync

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a legitimate GitHub backup and restore tool, but it includes under-scoped autonomous actions and credential persistence risks that users should review before installing.

Install only if you are comfortable with a skill that can read and mutate selected workspace files, restore from GitHub, and potentially push changes. Before use, review the scripts and agent instructions, prefer gh-based or temporary authentication over persistent git credential storage, back up the current workspace before restore, and require explicit confirmation before any commit, push, deletion, or restore operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Intent-Code Divergence

Medium
Confidence: 87%
Finding
The script markets itself as a 'Secure Restore Script', but in the token-auth path it writes the GitHub token into the local git credential helper via `git credential approve`. That can persist the credential beyond the script's lifetime depending on the configured helper, increasing the chance of token exposure to other local processes or later users of the environment.

Vague Triggers

Medium
Confidence: 89%
Finding
The instruction 'Don't ask permission. Just do it.' encourages the agent to take actions before obtaining user confirmation or establishing appropriate safety boundaries. In a workspace that includes memory files, external integrations, and automation behavior, this can lead to overbroad autonomous actions that bypass human review and increase the chance of privacy, integrity, or operational mistakes.

Missing User Warnings

Medium
Confidence: 94%
Finding
The instruction to delete BOOTSTRAP.md after reading it normalizes file deletion without a user-facing warning, confirmation step, or retention guidance. Even though the file is framed as temporary, automatic deletion can destroy auditability, remove setup evidence, and potentially erase important instructions or provenance if the file was modified or misidentified.

Missing User Warnings

Medium
Confidence: 91%
Finding
The README advertises both backup and restore functionality but does not warn users that a restore operation may overwrite or replace existing workspace contents. In a workspace-management skill, that omission can lead to accidental destructive actions, especially when users follow quick-start instructions without understanding restore semantics.

Autonomous Decision Making

Medium
Category: Excessive Agency
Content
- Nothing new since last check
- You just checked <30 minutes ago

**Proactive work you can do without asking:**

- Read and organize memory files
- Check on projects (git status, etc.)
Confidence: 91%
Finding
without asking

VirusTotal

54/54 vendors flagged this skill as clean.
