CNexus-COS-v2-Core

Security checks across malware telemetry and agentic risk

Overview

This is a narrowly scoped CNexus kernel patch that writes local state as part of its disclosed stateful runtime behavior, with no evidence of exfiltration or hidden execution.

Install or use this only for the intended CNexus project. Review diffs before replacing kernel.py, avoid entering secrets into the runtime unless you are comfortable with them being stored locally in cnexus_state_store.json, and delete that state file if you need to clear retained memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill explicitly targets a concrete local file path and instructs modification of a production source file, but it does not warn the user that it will alter files on disk or may create additional artifacts. In an agent setting, hidden filesystem modification is security-relevant because users may trigger code changes, test file creation, or state mutations without informed consent, increasing the risk of destructive edits or unauthorized persistence.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The skill specifies persistent state storage and additional output artifacts, including a state store JSON and publish package contents, without disclosing ongoing persistence behavior to the user. Undisclosed persistence is dangerous because it can retain sensitive project data, execution traces, or user content across runs, and can leave behind files that affect future behavior or expose information to other processes or users.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The skill persists user-derived inputs, cognitive state, memory contents, and execution history to a JSON file on disk without consent, notice, retention controls, or any protection such as encryption or access restriction. If the host environment is multi-user, backed up, or otherwise accessible, sensitive prompts and derived state may be exposed long after runtime, creating a privacy and data leakage risk.
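The third finding is about two things a user of this skill can check for themselves: whether cnexus_state_store.json is readable by other users on the host, and whether prompts or credentials have already been written into it. The following Python script is an added example written for this listing; it is not code from the CNexus project, from kernel.py, or from SkillSpector. Only the file name cnexus_state_store.json comes from the page. The JSON layout in SAMPLE_STATE, the function names, and the secret-matching regexes are assumptions chosen for illustration, and the token values are constructed fakes. It shows an owner-only, atomic way to write the state file and an audit that flags loose permissions and credential-looking leaves.

```python
import json
import os
import re
import stat
import tempfile
from pathlib import Path

# The only name taken from the listing; the schema below is assumed.
STATE_FILE = "cnexus_state_store.json"

# Heuristic value patterns for material that should not sit in a plaintext
# state store. These are illustrative, not a complete secret scanner.
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{20,}\b"),
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "bearer_token": re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/=-]{20,}"),
}
# Key names that usually hold a credential regardless of the value's shape.
SECRET_KEY_NAMES = re.compile(r"(?i)(password|passwd|secret|token|api[_-]?key)")


def _walk(obj, path=""):
    """Yield (json_path, string_value) for every string leaf in a JSON tree."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield from _walk(v, f"{path}.{k}" if path else k)
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            yield from _walk(v, f"{path}[{i}]")
    elif isinstance(obj, str):
        yield path, obj


def find_secrets(state: dict) -> list[tuple[str, str]]:
    """Return (json_path, reason) for leaves that look like credentials."""
    hits = []
    for path, value in _walk(state):
        leaf = path.rsplit(".", 1)[-1]
        if SECRET_KEY_NAMES.search(leaf) and value:
            hits.append((path, "key name suggests a credential"))
            continue
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(value):
                hits.append((path, f"value matches {name}"))
                break
    return hits


def permission_problems(path: Path) -> list[str]:
    """Flag a state file that group or other users can read or write."""
    mode = stat.S_IMODE(path.stat().st_mode)
    problems = []
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        problems.append(f"{path.name} readable by group/other (mode {mode:o})")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append(f"{path.name} writable by group/other (mode {mode:o})")
    return problems


def write_state_securely(path: Path, state: dict) -> None:
    """Write the store owner-only (0600) and atomically via a temp file + rename."""
    tmp_fd, tmp_name = tempfile.mkstemp(dir=path.parent, prefix=".state-")
    try:
        os.chmod(tmp_name, 0o600)  # mkstemp already uses 0600 on POSIX; be explicit
        with os.fdopen(tmp_fd, "w") as f:
            json.dump(state, f)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp_name, path)  # readers never see a half-written file
    except BaseException:
        try:
            os.unlink(tmp_name)
        except FileNotFoundError:
            pass
        raise


def audit_state_file(path: Path) -> dict:
    """Run both checks; the result can gate a run or be printed for the user."""
    state = json.loads(path.read_text())
    return {
        "permission_problems": permission_problems(path),
        "secret_hits": find_secrets(state),
    }


# Constructed sample, shaped like the persisted content the finding describes
# (prompts, memory, execution history). Both credential values are fakes.
SAMPLE_STATE = {
    "memory": [{"role": "user", "content": "deploy with AKIAIOSFODNN7EXAMPLE"}],
    "config": {"api_key": "sk-constructed-example-0000"},
    "history": ["ran tests", "wrote kernel.py"],
}


def run_demo() -> dict:
    """Write SAMPLE_STATE to a scratch dir the secure way and audit it."""
    with tempfile.TemporaryDirectory() as d:
        p = Path(d) / STATE_FILE
        write_state_securely(p, SAMPLE_STATE)
        return audit_state_file(p)


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Run against a real store, the audit reports no permission problems when the file was written through write_state_securely, but still lists the two constructed credentials, which is the point of the finding: restricting the file's mode limits who can read it, it does not stop secrets from being retained. Deleting the file, as the overview advises, is the only retention control this skill offers.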

VirusTotal

64/64 vendors flagged this skill as clean.
