Pi Coding Agent

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for using the Pi coding agent; its sensitive behaviors are mostly disclosed and user-directed, though users should be careful with saved and shared sessions.

Before installing, treat Pi like a full coding agent: only configure trusted model providers and packages, protect API keys/OAuth tokens, disable telemetry or startup networking if needed, use `--no-session` for sensitive work, and review any session carefully before using `/share` because it uploads content to GitHub Gist.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 93%
Finding
The `/share` command is documented only as 'Upload to GitHub Gist for sharing' without a prominent warning that session content may contain secrets, proprietary code, or sensitive prompts. In an AI coding agent context, session history often includes pasted files, credentials, internal paths, and debugging output, so an easy sharing command can lead to accidental data disclosure.

Missing User Warnings

Medium
Confidence: 93%
Finding
The documentation exposes a feature that uploads session content to GitHub Gist without warning users that prompts, code, secrets, file paths, and tool outputs may be included in the shared session. In an AI coding agent context, session logs frequently contain sensitive development data, so omission of a privacy warning materially increases the risk of accidental data disclosure.

Missing User Warnings

Medium
Confidence: 90%
Finding
The file states that sessions are auto-saved under `~/.pi/agent/sessions/` by default, but does not warn users that potentially sensitive conversations are persisted to disk. For a terminal coding assistant, sessions may include source code, credentials, internal paths, and debugging output, so undocumented persistence increases the likelihood of unintentional local exposure or retention beyond user expectations.

VirusTotal

64/64 vendors flagged this skill as clean.
