ClawHub

Claude Code Launcher

Security checks across malware telemetry and agentic risk

Overview

This launcher has a legitimate purpose, but it uses powerful desktop automation in ways that could expose sensitive sessions or run unintended shell commands if used carelessly.

Review before installing. Use only trusted project paths with ordinary characters, avoid enabling Remote Control for sensitive repositories unless you understand the exposure, grant Screen Recording and Accessibility only in a trusted environment, and periodically delete or protect the saved screenshots and logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script captures a full-screen image using GUI automation and stores it in a persistent logs directory under the user's home folder. Even if the skill description mentions screenshot capture, a full-screen screenshot can unintentionally collect unrelated sensitive data from other apps, notifications, credentials, or documents visible at the time.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The troubleshooting guidance recommends forcefully terminating Terminal via `pkill -f Terminal` without warning that this will immediately close all matching Terminal processes and can destroy active interactive work, shells, or unsaved session state. In the context of a launcher that automates Claude Code sessions, this can disrupt ongoing user activity and create avoidable denial-of-service or data-loss conditions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The instructions to kill all Claude Code instances with `pkill -f "claude code"` omit any caution that all active Claude sessions will be terminated, including unrelated projects. Because this skill is specifically designed to manage multiple interactive Claude Code sessions, broad process termination is especially risky and can interrupt work across projects.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script automatically enables Claude Code Remote Control by sending commands and confirming activation without an explicit yes/no prompt that explains cross-device access. This can expose an interactive coding session to unintended devices or users if the operator does not realize remote access is being enabled, especially because the skill is designed to automate setup end-to-end.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal