Recursive Swarm

Security checks across malware telemetry and agentic risk

Overview

This skill is a local orchestration helper that creates task-run files and coordinates bounded child work, with no evidence of hidden exfiltration or destructive behavior.

Install only if you are comfortable with the agent creating local run folders, logs, notes, and result files. Use a dedicated run directory, avoid processing private message exports or third-party communications without authorization, and review any coding/worktree, external-message, install, config-change, or destructive node before allowing it to proceed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill explicitly instructs the agent to create run folders, write node state, results, and audit logs, and to use helper scripts that read and write files, yet it declares no permissions. This mismatch can cause the platform or user to underestimate the skill's filesystem access, reducing oversight and making unintended file modification or data exposure more likely.

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding: The initializer sets allowWorktrees to true for all runs, despite the skill contract stating that worktrees should only be used for coding leaf nodes inside git repositories. In an orchestration system, broad enablement weakens safety boundaries and can cause downstream components to create filesystem-linked workspaces in inappropriate contexts, increasing the risk of unintended repository modification, data exposure, or unsafe execution paths.

VirusTotal

65/65 vendors flagged this skill as clean.