nephesh-studio

Security checks across malware telemetry and agentic risk

Overview

This is a coherent multi-agent workflow skill, but it creates persistent agent behavior and recurring automation that users should review before installing.

Install only if you want a persistent multi-agent workflow. Review and approve any SOUL.md change, keep secrets and sensitive personal or business data out of project, learning, and HR files, review diffs before hiring or workflow updates, and enable the daily cron only if you intentionally want recurring main-session checks and know how to disable them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Missing User Warnings (Medium, 93% confidence)

The rule that the CEO only reports to the user at task receipt, final delivery, or when blocked explicitly suppresses in-process transparency. In an agent skill that creates directories, writes files, coordinates sub-agents, and updates persistent knowledge bases, this can cause material file and project-state changes without user visibility or an opportunity to intervene.

Missing User Warnings (Medium, 93% confidence)

The rule requires spawning a new subagent session for every new task and explicitly sets cleanup to keep, which can create persistent background sessions without any user-facing disclosure or consent. In an agent skill that coordinates many roles, this increases the risk of unnoticed task fan-out, excessive resource usage, and unintended retention of task context in archived subagent sessions.

Missing User Warnings (Low, 89% confidence)

The checklist directs the agent to write results to a fixed path under the local workspace, which creates an implicit side effect on the user's filesystem without any explicit confirmation or warning. In an agent setting, even benign scheduled logging can overwrite, append to, or leak operational details into local files, making this a real but low-severity safety issue.

Missing User Warnings (Medium, 92% confidence)

The document explicitly describes persistent HR-related records, project performance evaluations, and automatic updates, but provides no retention limits, access controls, consent basis, or warning about handling personnel data. In the context of an agent skill that continuously accumulates team performance and error-history data, this creates a realistic privacy and governance risk because sensitive employee profiling data may be stored indefinitely and reused beyond its original purpose.

Vague Triggers (Medium, 89% confidence)

The rule '当用户说"招聘"时' (roughly: "when the user says 'recruit'") uses a very broad natural-language trigger without confirmation or stricter intent matching. In a multi-agent orchestration skill, this can cause unintended activation of an HR onboarding workflow and synchronized updates to multiple files from a casual mention, quoted text, or discussion about hiring rather than an actual command.

Missing User Warnings (Medium, 91% confidence)

The role explicitly instructs collection via web scraping, APIs, and database queries, plus persistence of collected data, but provides no guardrails on authorization, consent, privacy, terms-of-service compliance, rate limiting, or handling of sensitive data. In an agent skill that may autonomously gather information across multiple channels, this omission can lead to unauthorized access, over-collection of personal/confidential data, or harmful scraping behavior even if the document does not overtly request malicious activity.

VirusTotal

66/66 vendors flagged this skill as clean.