Agent Team Kit

Security checks across malware telemetry and agentic risk

Overview

This is a transparent workflow kit, but it installs persistent instructions that can make agents spawn and act autonomously without enough local safety boundaries.

Install only if you intentionally want agents to coordinate and launch work proactively. Before enabling the heartbeat, define which queues are in scope, require human approval for destructive, deployment, public, financial, account, or credential-related actions, cap agent spawning, restrict writable paths, and review file changes before committing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The heartbeat section encourages periodic autonomous checks that can spawn agents, alert roles, and nudge owners without defining scope limits, approval boundaries, or safety constraints. In an agentic environment, broad recurring triggers can cause unintended actions, noisy task creation, or escalation loops, especially because the skill explicitly aims for self-sustaining operation.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The setup instructions include commands that copy directories into `./process` and append content to `HEARTBEAT.md` without warning about overwrites, duplication, or unintended modification of local workspace files. This is risky because users or agents following the skill may alter existing process configuration irreversibly or introduce duplicated heartbeat logic that changes system behavior.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The skill uses broad, always-on coordination language such as 'If the team isn't working, spawn them' and frames inactivity as a failure condition. In an agentic environment, this can cause the skill to trigger autonomously in loosely related contexts and initiate actions without sufficiently narrow scope or explicit confirmation boundaries.

VirusTotal

66/66 vendors flagged this skill as clean.