Ralph Loop Rr

Security checks across malware telemetry and agentic risk

Overview

The skill is an autonomous task runner, but it broadly self-activates, writes task details to disk, deletes its audit file, and sends progress details to Telegram without clear opt-in controls.

Review before installing. Use it only if you are comfortable with an agent running multi-step tasks with minimal pauses, writing task details to a workspace memory file, deleting that file at the end, and sending progress information through Telegram. Avoid using it for sensitive work unless Telegram updates are disabled or explicitly controlled and activation is narrowed to deliberate opt-in commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

High (95% confidence)
Finding
The activation conditions are broad enough to trigger autonomous execution for vague user phrasing such as any multi-step task or tasks the user expects to be handled autonomously. In this skill, that ambiguity is amplified by instructions to proceed without asking questions and to keep working until completion, which can cause the agent to take actions or transmit updates without clear, explicit user consent.

Missing User Warnings

High (98% confidence)
Finding
The skill mandates Telegram messages during execution and on completion, creating an external data transmission channel without any consent, disclosure, or data-minimization controls. Because the updates include task names, progress, errors, and produced files, sensitive user or workspace information could be exfiltrated to a third-party service.

Missing User Warnings

Medium (89% confidence)
Finding
The skill requires creating a persistent file in `/workspace/memory/ralph-loop.md` and continuously updating it, but does not warn that it will store the user's request and ongoing work state on disk. This can create unintended persistence of sensitive task content and modifies the workspace automatically as part of activation.

Missing User Warnings

Medium (93% confidence)
Finding
The skill instructs unconditional deletion of `/workspace/memory/ralph-loop.md` on completion without explicit warning or user confirmation. Automatic deletion is destructive behavior that can remove audit trail, user-visible progress records, or information needed to verify what actions the agent performed.

VirusTotal

VirusTotal findings are pending for this skill version.
