Fully Automated Collaborative Code Development Pipeline

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed instruction-only coding workflow that can create project files automatically, but I found no hidden execution, credential access, exfiltration, or destructive behavior.

Install this only if you want a hands-off coding pipeline that may create multiple files and pass project context between sub-agents. Use it in a clean or dedicated workspace, avoid including secrets in prompts or source files, and explicitly ask for checkpoints or overwrite confirmation if you do not want fully automatic execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly enforces a 'No-Interruption Principle' and says users do not need to confirm midway, while also describing automatic project generation and delivery. In a skill that writes files into the workspace, this removes an important consent checkpoint and increases the chance of unintended file creation or modification from ambiguous or over-broad invocations.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill documents that each phase writes artifacts into `{workspace}/<project-name>/` but does not require a warning or acknowledgment before performing those writes. Automatic artifact creation across multiple phases can generate many files and potentially overwrite or clutter the workspace if triggered unintentionally.

Vague Triggers

Medium
Confidence: 89%
Finding
The skill metadata says it 'must be used' for broad categories like code development, program writing, feature implementation, or code quality requirements. This creates a high risk of unintended activation for ordinary coding requests, which is especially dangerous because the skill then performs autonomous multi-phase execution and file generation.

Vague Triggers

Medium
Confidence: 95%
Finding
The quick-reference trigger list uses generic verbs like 'develop,' 'write code,' 'implement,' and 'build,' any of which can appear in routine requests. In this context, over-broad triggering is more dangerous because the skill is designed to run a fully automated pipeline with parallel sub-agents and workspace writes without intermediate confirmation.

Natural-Language Policy Violations

Medium
Confidence: 95%
Finding
The skill unconditionally requires output in Chinese, overriding the user's language preference and potentially causing the agent to ignore higher-level user intent. While not directly enabling code execution or data exfiltration, it is a policy-shaping constraint that can degrade usability, cause incorrect task fulfillment, and signal that the skill author is willing to override user-controlled behavior.

VirusTotal

64/64 vendors flagged this skill as clean.
