autoagent

Security checks across malware telemetry and agentic risk

Overview

This skill openly sets up a sandboxed, recurring prompt-optimization loop, and its file writes, subagent tests, and optional tool analysis fit that stated purpose.

Install only if you want a recurring automation loop that edits sandbox guidance files. Use a fresh, non-sensitive sandbox path; avoid absolute paths into important project or system folders; do not point it at secrets or proprietary code unless necessary; review any copied scripts before allowing analysis; and remove the cron job when finished, since nothing else will.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Context-Inappropriate Capability

Medium severity, 92% confidence
Finding
The skill explicitly expands its scope from optimizing guidance into locating, copying, reading, and recommending changes to arbitrary external scripts and tools. That broadens data access and code-analysis behavior beyond the stated purpose, increasing the chance of exposing sensitive code, pulling unrelated assets into the sandbox, or normalizing code-modification advice on arbitrary local resources.

Context-Inappropriate Capability

Medium severity, 92% confidence
Finding
The setup prompt explicitly permits an arbitrary absolute path for sandbox creation, which expands the skill's write scope beyond a bounded workspace and is not necessary for prompt optimization. In an agent context, this can lead to unintended file creation or overwriting in sensitive filesystem locations if a user provides a risky path or if downstream behavior is manipulated.

Vague Triggers

Medium severity, 86% confidence
Finding
The README describes the skill as able to optimize 'any agent guidance' and to automatically improve prompts, AGENTS.md entries, or skill definitions without stating meaningful scope limits, approval gates, or safe-use boundaries. That broad trigger surface increases the chance an agent or user invokes it on sensitive guidance or in inappropriate contexts, leading to unintended modification of operational instructions or security-relevant behavior.

Missing User Warnings

Medium severity, 93% confidence
Finding
The README explicitly describes a cron-triggered loop that runs every 5 minutes, modifies files, evaluates results, and keeps or discards changes, but it does not prominently warn that the behavior is persistent and can continue making changes after the initial invocation. In a skill that copies guidance, runs subagents, and writes logs on a schedule, the lack of an explicit ongoing-impact warning makes accidental persistence, resource consumption, and unintended repeated file modifications more likely.

Missing User Warnings

Medium severity, 95% confidence
Finding
The skill allows user-specified relative or absolute paths for sandbox creation and then instructs writing multiple files there, without guardrails or an explicit warning about filesystem effects. In practice this can lead to unintended writes outside an expected workspace, clobbering files, creating artifacts in sensitive directories, or being abused through path selection.
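The two path findings above (an arbitrary absolute path accepted at setup, then multiple files written there with no guardrail) describe a failure mode that a small pre-write check closes. The following is an added example written for this page, not code from the autoagent skill or from SkillSpector: it resolves the requested path, requires it to sit strictly below an allowed root, refuses protected system directories, and refuses a directory that already has contents. The allowed root, the protected-directory list and the function name are assumptions.

```python
import os

# Directories in which a prompt-optimization sandbox has no business living.
# This list is an assumption for the example; extend it for the host in question.
PROTECTED_ROOTS = ("/etc", "/usr", "/bin", "/sbin", "/var", "/root", "/boot")


def sandbox_path_ok(requested, allowed_root):
    """Decide whether `requested` is an acceptable place for the skill's sandbox.

    Accepts only a path that, after `..` and symlinks are resolved, sits strictly
    below `allowed_root`, is not under a protected system directory, and is
    either absent or an empty directory (so nothing gets clobbered).
    Returns (ok, detail): the resolved path on success, a reason on failure.
    """
    root = os.path.realpath(allowed_root)
    # Relative input is anchored to the allowed root, not the process CWD, so a
    # user (or a manipulated downstream step) cannot lean on whatever directory
    # the agent happens to be running in.
    candidate = requested if os.path.isabs(requested) else os.path.join(root, requested)
    target = os.path.realpath(candidate)

    if target == root:
        return False, "sandbox must be a subdirectory of the allowed root, not the root itself"
    if os.path.commonpath([root, target]) != root:
        return False, f"{target} escapes allowed root {root}"
    for protected in PROTECTED_ROOTS:
        if os.path.commonpath([protected, target]) == protected:
            return False, f"{target} is under protected directory {protected}"
    if os.path.exists(target):
        if not os.path.isdir(target):
            return False, f"{target} exists and is not a directory"
        if os.listdir(target):
            return False, f"{target} already contains files; pick a fresh directory"
    return True, target


if __name__ == "__main__":
    # Constructed inputs: the first is what a careful user types, the rest are
    # the kinds of paths the findings above warn about.
    root = "/tmp/autoagent-sandbox-example"
    for requested in ("run-01", "../../etc/cron.d", "/etc/cron.d/autoagent", "/", "."):
        ok, detail = sandbox_path_ok(requested, root)
        print(f"{'OK  ' if ok else 'DENY'} {requested!r}: {detail}")
```

The containment test uses `os.path.commonpath` rather than a string prefix so that `/tmp/sandbox-evil` is not mistaken for a child of `/tmp/sandbox`, and `realpath` is applied to both sides so a symlinked allowed root (for example `/tmp` on macOS) compares consistently.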

Missing User Warnings

Medium severity, 97% confidence
Finding
The skill sets up recurring cron execution that repeatedly reads, edits, tests, and reverts files, yet does not prominently warn the user that this is persistent background automation. That creates risk of unattended repeated actions, unexpected resource consumption, and ongoing modification loops after the user no longer expects the skill to be active.

Missing User Warnings

Medium severity, 90% confidence
Finding
The skill asks for script/tool paths and says they should be copied and analyzed, but does not warn that these paths may contain proprietary, credential-bearing, or otherwise sensitive code. This can cause overcollection into the sandbox and unnecessary inspection of unrelated artifacts, especially when users provide broad or imprecise paths.

Missing User Warnings

Medium severity, 89% confidence
Finding
The prompt explicitly instructs the agent to overwrite `current-guidance.md` as part of an automated optimization loop, but it does not require user confirmation or even a warning before making a persistent change. In a cron-driven or unattended workflow, this can silently alter user-authored guidance and propagate bad or unsafe edits without human review.

Missing User Warnings

Low severity, 82% confidence
Finding
The prompt tells the agent to append entries to `scores.md` automatically, creating persistent state changes without notifying the user or obtaining consent. While lower impact than overwriting guidance, it can still pollute logs, leak test metadata into tracked files, and make unattended runs accumulate unwanted changes over time.

Missing User Warnings

Medium severity, 92% confidence
Finding
The document instructs the skill to create a cron job that runs every 5 minutes, but it does not warn the user that this is a persistent background modification or explain how it will be removed. In the context of an agent skill, silently establishing recurring execution increases risk because it can continue consuming resources, repeatedly invoke subagents, and operate beyond the user's immediate awareness.

Missing User Warnings

Medium severity, 95% confidence
Finding
The instructions tell the agent to create directories/files and set up cron, which are persistent system modifications, but do not require an explicit warning, dry-run summary, or confirmation immediately before those actions. This is dangerous because users may not understand that the skill will install scheduled execution and write to disk, increasing the risk of unintended persistence and resource consumption.
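Several of the findings above come back to the same point: the every-5-minutes job keeps running after the user has moved on, and the skill does not say how to remove it. The following is an added example, not code from the skill or from SkillSpector, for auditing that afterwards. It parses a `crontab -l` dump, flags jobs that mention the sandbox path or skill name, recognises the `*/5 * * * *` schedule, and produces a crontab with the skill's job removed and everything else untouched. It assumes the job was installed in the user's system crontab; the sample crontab text, the sandbox path and the commands in it are constructed. If the agent runtime has its own scheduler rather than cron, inspect that scheduler instead.

```python
import re

# Constructed example of `crontab -l` output: an environment line, a comment,
# two unrelated jobs, an @reboot entry, and the every-five-minutes loop that a
# skill like this one installs. Paths and commands are hypothetical.
SAMPLE_CRONTAB = """\
MAILTO=""
# nightly backup
0 2 * * * /usr/local/bin/backup.sh
*/5 * * * * cd /home/me/sandbox/autoagent && agent run optimize >> /home/me/sandbox/autoagent/cron.log 2>&1
@reboot /usr/local/bin/start-tunnel
30 7 * * 1 /usr/local/bin/weekly-report
"""

ENV_LINE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*=")
JOB_LINE = re.compile(r"^(\S+\s+\S+\s+\S+\s+\S+\s+\S+)\s+(.+)$")


def parse_crontab(text):
    """Yield (schedule, command, raw_line) for every job in a crontab dump.

    Comments, blank lines and NAME=value environment assignments are skipped.
    Both the five-field form and the @reboot/@daily shorthand are recognised.
    """
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ENV_LINE.match(line):
            continue
        if line.startswith("@"):
            schedule, _, command = line.partition(" ")
            yield schedule, command.strip(), raw
            continue
        m = JOB_LINE.match(line)
        if m:
            yield " ".join(m.group(1).split()), m.group(2), raw


def is_every_five_minutes(schedule):
    """True for the `*/5 * * * *` schedule the README describes."""
    return schedule.split() == ["*/5", "*", "*", "*", "*"]


def find_skill_jobs(text, marker):
    """Return the raw crontab lines whose command mentions `marker`, e.g. the
    sandbox path or the skill name used when the job was installed."""
    return [raw for _, command, raw in parse_crontab(text) if marker in command]


def strip_skill_jobs(text, marker):
    """Return the crontab with the skill's jobs removed and everything else
    (comments, environment lines, unrelated jobs) preserved line for line."""
    doomed = set(find_skill_jobs(text, marker))
    kept = [line for line in text.splitlines() if line not in doomed]
    return "\n".join(kept) + ("\n" if text.endswith("\n") else "")


if __name__ == "__main__":
    marker = "/home/me/sandbox/autoagent"
    for schedule, command, _ in parse_crontab(SAMPLE_CRONTAB):
        flag = "  <-- skill loop" if marker in command else ""
        print(f"{schedule:14} {command}{flag}")
    print("---- crontab with the skill's job removed ----")
    print(strip_skill_jobs(SAMPLE_CRONTAB, marker), end="")
```

Against a live system, save the current table first (`crontab -l > crontab.bak`), run `strip_skill_jobs` over that text, and feed the result back with `crontab -`, which reads the new table from standard input. It is also worth listing every job that `is_every_five_minutes` accepts, not only those matching the marker: a five-minute job whose command you do not recognise deserves a look even if the skill was installed under a different path.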

VirusTotal

66/66 vendors flagged this skill as clean.
