XPR Agent Operator

Security checks across malware telemetry and agentic risk

Overview

The skill matches its stated XPR agent-operator purpose, but it gives an autonomous agent private-key signing authority and recurring job-taking behavior without enough user-controlled limits.

Install only with a dedicated low-value XPR account/key. Require manual approval for bids, job acceptance, profile changes, deliveries, disputes, A2A delegation, and any cron setup. Before using public GitHub delivery, confirm the work may be public and contains no secrets, proprietary files, customer data, or private keys; verify rights before using web-sourced media.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly instructs the agent to use `create_github_repo` and states that it creates a public GitHub repository, but it does not require any suitability check for sensitive, proprietary, or client-confidential content before publication. In a job-delivery workflow, this creates a realistic risk of accidental public disclosure of deliverables, source code, credentials, internal data, or unpublished client materials.

Missing User Warnings

Low
Confidence: 86%
Finding
The skill tells the agent to find images/media from the web and deliver them via `source_url` without any guardrails about copyright, licensing, provenance, consent, or privacy. This can lead to unauthorized redistribution of copyrighted or personal content, especially because the workflow frames web-sourced media as a normal delivery path rather than an exception requiring verification.

VirusTotal

64/64 vendors flagged this skill as clean.