Workspace Init

Security checks across malware telemetry and agentic risk

Overview

This is a coherent workspace setup skill, but users should review repository URLs and understand that dependency installation can run code from those repositories.

Install this only for a workspace you intend to initialize or update from dev-config-template. Before confirming setup, review the target directory, repository URLs, generated CLAUDE.md content, and any repositories whose dependencies will be installed; treat dependency installation as running code from those projects and their package ecosystems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill automatically creates environments and installs dependencies inside each cloned repository using `pip install -e`, `npm install`, or `bun install`. Installing arbitrary dependencies from user-supplied or organization repositories can execute untrusted code via package lifecycle scripts, build backends, editable installs, or dependency hooks, making this a real code-execution risk on the operator's machine.

Vague Triggers

Medium
Confidence: 80%
Finding
The trigger phrases include very generic terms such as "initialize" and "set up my project," which can cause the skill to activate in contexts broader than intended. Because this skill performs cloning, dependency installation, file modification, and commits, accidental invocation can lead to significant unintended state changes and possible execution of untrusted repository code.

VirusTotal

65/65 vendors flagged this skill as clean.