Configure Clawhub Domestic Mirror

Security checks across malware telemetry and agentic risk

Overview

This mirror setup mostly matches its stated purpose, but it also includes unrelated cron, repository, and multi-workspace instructions plus a script that permanently changes shell configuration.

Install only if you intentionally want ClawHub CLI traffic to use cn.clawhub-mirror.com. Review the script first, back up ~/.bashrc, and know how to remove the added CLAWHUB_REGISTRY and CLAWHUB_SITE lines. Ignore the unrelated cron, repo-repair, learning-archive, and workspace-sync content unless you explicitly requested those separate actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill’s task record includes substantial out-of-scope operational actions—self-evolution, cron restoration, repo repair, and multi-workspace synchronization—that are unrelated to configuring a ClawHub mirror. In an agent setting, such embedded history can normalize or justify future execution of broader filesystem and project-modifying actions than the user requested, increasing the risk of unintended or over-privileged changes.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
Documenting capabilities to restore cron jobs and synchronize multiple agent workspaces inside a mirror-configuration skill creates unjustified authority expansion. Even if presented as past task context, it can prime an agent or operator to treat these unrelated, high-impact actions as part of the skill’s expected behavior, enabling unnecessary persistence or widespread configuration changes.

Vague Triggers

Medium
Confidence: 90%
Finding
The eval prompts use broad symptom-based language like slow downloads, timeouts, and registry configuration without clear trigger boundaries or exclusions, which can cause the skill to activate in situations where the user is asking for general networking help rather than specifically requesting ClawHub mirror setup. This over-broad triggering can misroute conversations, leading the agent to suggest persistent shell configuration changes in contexts where they are unnecessary or inappropriate.

VirusTotal

66/66 vendors flagged this skill as clean.
