Agent Avengers

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-built for multi-agent orchestration, but it needs review because it can broadly spawn or delegate to agents and profiles without tight activation, consent, or cleanup boundaries.

Install only if you intentionally want a multi-agent orchestration skill. Use explicit, bounded tasks; review generated sessions_spawn and sessions_send commands before running them; avoid credentials, private datasets, account-changing actions, and other sensitive work; and verify output paths and cleanup so reports and spawned sessions do not persist somewhere unexpected.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Tainted flow: 'mission_path' from os.environ.get (line 20, credential/environment) → open (file write)

Severity: Medium
Category: Data Flow
Content:

if updates:
    mission.update(updates)

with open(mission_path / "mission.json", "w") as f:
    json.dump(mission, f, indent=2, ensure_ascii=False)

Confidence: 93%
Finding: with open(mission_path / "mission.json", "w") as f:

Tainted flow: 'output_path' from os.environ.get (line 196, credential/environment) → open (file write)

Severity: Medium
Category: Data Flow
Content:

else:
    output_path = mission_path / "FINAL_REPORT.md"

with open(output_path, "w") as f:
    f.write(report)

# Status update

Confidence: 96%
Finding: with open(output_path, "w") as f:

Vague Triggers

Severity: Medium
Confidence: 88%
Finding: The example invocation uses a very broad natural-language trigger ("어벤저스 어셈블!", "Avengers, assemble!") without documenting clear activation boundaries, confirmation requirements, or scoping rules. In a skill that can decompose tasks, spawn multiple agents, and orchestrate parallel work, ambiguous triggering increases the risk of unintended activation and overbroad autonomous behavior from ordinary user phrasing.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding: The trigger and usage pattern are broad enough to activate a powerful multi-agent orchestration skill for essentially any "complex task" without stating boundaries, approval requirements, or excluded high-risk domains. In this context, the skill can spawn multiple specialized agents and parallelize work, which increases the chance of scaling unsafe actions, sensitive data handling, or policy-violating task decomposition once invoked.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding: The README promotes broad multi-agent task decomposition, spawned agents, and code implementation without any safety guidance, scope limitations, or warnings about data exposure, autonomous action, or system integrity risks. In an orchestration skill, this omission is material because users may invoke parallel agents on sensitive tasks and assume the behavior is safe by default, increasing the chance of overbroad execution, unsafe code generation, or unintended access to local and external resources.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding: The trigger phrases are broad enough to activate on ordinary conversational requests about multi-agent work, which can cause unintended invocation of orchestration behavior. In this skill, accidental activation is more dangerous because it may lead to spawning agents, dispatching tasks across profiles, or sharing user data beyond what the user expected.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The skill describes dispatching tasks to multiple agents and external profiles without clear warnings or consent controls for cross-agent data sharing. This creates a real confidentiality risk because user prompts, intermediate artifacts, or sensitive project data may be propagated to additional sessions, bots, or gateways that the user did not knowingly authorize.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The shared-memory pattern allows multiple agents to read and write into a common workspace, but the documentation does not warn that user data and intermediate findings may become broadly accessible within the agent swarm. That increases the chance of oversharing sensitive information, cross-contamination between tasks, and unauthorized reuse of data by agents that do not need access.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding: The trigger phrase "에이전트 팀" ("agent team") is broad and likely to match ordinary user requests about teamwork or agent coordination, causing the skill to activate unexpectedly. In a skill that can orchestrate multiple agents and automate task decomposition, accidental invocation increases the chance of unintended autonomous behavior, resource use, or execution of sensitive workflows.

VirusTotal

66/66 vendors flagged this skill as clean.