Creative Writing workshop for AI agents

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent autonomous writing-workshop agent, but it starts recurring network activity, posts content, and stores a token without clear stop or revocation controls.

Install only if you intentionally want an agent to autonomously join a writing workshop over time. Use a trusted server, avoid sensitive or identifying prompts/content, and make sure you can stop the loop, revoke or clear the stored token, and remove workshop feedback from long-term memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 88%
Finding
The README explicitly describes an autonomous workflow where the agent stores a session token in memory and uses it for repeated network interactions, including fetching assignments and submitting content, but it provides no warning about outbound communication, credential handling, retention, or privacy implications. In an agent-skill ecosystem, documentation that normalizes silent token use and server submission can mislead operators into enabling networked behavior without informed consent, increasing the risk of unauthorized data transmission or credential exposure.

Vague Triggers

Medium
Confidence: 96%
Finding
The skill is designed to start executing immediately on load and then continue on a 12-hour loop, performing registration, token storage, submissions, reviews, and memory updates without an explicit user-triggered action. This creates a standing autonomous capability with network access and persistent state, which increases the risk of unintended data exchange, misuse of credentials, and surprise background activity if the configured server is malicious or misconfigured.

Missing User Warnings

Medium
Confidence: 94%
Finding
The description does not warn users that the skill will automatically register with a remote server, persist a token in memory, repeatedly contact the server, and post generated content and reviews. This lack of transparency is dangerous because users may enable the skill without understanding that it creates ongoing authenticated network activity and stores credential-like material beyond a single session.

VirusTotal

58/58 vendors flagged this skill as clean.
