Clawhub Cli

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent for managing ClawHub skills, but one bulk sync helper can perform a real sync even when the user requested a dry run.

Review carefully before installing if you plan to publish or sync skills. Prefer direct `clawhub` commands where you can confirm every flag, avoid passing tokens on the command line when possible, use least-privilege credentials, manually check folders for secrets before publishing, and do not use `scripts/linux/sync-all.sh --dry-run` unless you have confirmed the installed CLI actually supports dry-run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium, 92% confidence
Finding
The template's 'When to Use' section only suggests vague placeholders for signals or user intents, which does not help skill authors define clear activation boundaries. For a CLI skill that can search, install, update, and publish agent skills, ambiguous triggering can cause the agent to invoke the skill in situations involving package changes or publication without sufficiently explicit user intent.

Missing User Warnings

Medium, 95% confidence
Finding
The template's safety section is too generic and does not explicitly require authors to warn users before impactful actions. In the context of a skill wrapping a package-management and publishing CLI, missing warnings can lead to silent installation, upgrades, or publication of skills, increasing the risk of unintended system changes or supply-chain exposure.

Missing User Warnings

Medium, 95% confidence
Finding
The troubleshooting guide recommends `clawhub login --token <api-token>` without warning that supplying secrets directly on the command line can expose them through shell history, process listings, terminal logs, or agent telemetry. In an agent or shared workstation context, this is more dangerous because commands and outputs are often captured automatically, increasing the chance of credential leakage and subsequent unauthorized access to ClawHub resources.

VirusTotal

64/64 vendors flagged this skill as clean.
