Cowork Cog

Security checks across malware telemetry and agentic risk

Overview

This skill is a real coding-assistant integration, but it gives cloud agents auto-approved command and file access on the user's machine with limited user-control guidance.

Install only if you intentionally want CellCog cloud agents to operate on your local machine. Use a dedicated project directory, keep work under version control, avoid sensitive folders, verify how CellCog Desktop stores the API key, and disable or narrow auto-approval unless you are comfortable with autonomous file writes and terminal commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence: 93%
Finding
The manifest explicitly advertises broad autonomous access to the user's machine, including terminal access, file operations, and 'full development workflows' with auto-approval. That creates an unsafe invocation scope because an agent can be routed into high-impact local execution without an explicit, narrowly scoped consent boundary or task-specific limitation.

Missing User Warnings

High
Confidence: 96%
Finding
This section states that cloud agents can run commands, read files, and write code directly on the user's machine, and that all commands are auto-approved with no manual approval needed. Presenting these capabilities without a clear upfront warning about system modification, data exposure, and command-execution risk makes the skill materially more dangerous, especially because it normalizes unrestricted autonomous execution.

Missing User Warnings

Medium
Confidence: 88%
Finding
The instructions tell the agent to set and use an API key programmatically, but do not give equivalent guidance on secure credential handling, storage, rotation, or avoiding disclosure in logs and process history. Because the same skill grants autonomous local execution, poor credential practices could expose the key through shell history, command-line inspection, logs, or unintended file writes.

VirusTotal

66/66 vendors flagged this skill as clean.