ClawHub

Clawdhub.Bak 2026 01 28T18:01:16+10:30

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent ClawdHub CLI helper, but it documents powerful non-interactive commands that can bulk-change installed agent skills without clear approval or rollback guidance.

Install only if you want this agent to manage ClawdHub skills. Require explicit confirmation before login, publish, install, or update actions; review the target skills and versions first; avoid all-skills force/no-input updates unless you intentionally want broad local changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill documents authentication and publishing commands that can send account-linked information and local skill contents to a remote registry, but it provides no warning or consent guidance. In an agent setting, this omission increases the chance that a user or downstream system invokes publish/login workflows without realizing they may disclose local code, metadata, or credentials to an external service.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation includes bulk and forceful update commands such as '--all --no-input --force' without warning that they can non-interactively modify many installed skills at once. In this skill’s context, that can rapidly change the local execution environment, introduce unreviewed third-party code, or overwrite expected versions, increasing supply-chain and operational risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal