Code Reputation

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent code-caching purpose, but it can upload local code to a third-party service and write remote code locally with weak safety boundaries.

Install only if you are comfortable sending selected code, task descriptions, and related metadata to Raysurfer. Keep the cache directory isolated, review every downloaded file before running it, avoid sensitive output paths, and do not upload secrets, credentials, regulated data, or proprietary code unless you are authorized to share it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 95%
Finding: The README explicitly promotes retrieving and executing previously generated code from a remote cache ('retrieves and runs proven code from previous executions') without any warning that such code is untrusted and may be malicious, vulnerable, or unsafe in the current environment. In an agent skill context, this is especially dangerous because users may treat the cache as implicitly trusted automation, leading to arbitrary code execution, data exfiltration, filesystem damage, or misuse of credentials in the sandbox or host environment.

Missing User Warnings

Medium
Confidence: 92%
Finding: The README describes searching, retrieving, and uploading code tied to task prompts and successful executions, but does not warn users that task descriptions and code artifacts may be transmitted to the Raysurfer API. This can cause inadvertent disclosure of sensitive prompts, proprietary source code, credentials embedded in files, customer data, or internal business logic to a third-party service, especially in enterprise agent workflows.

Missing User Warnings

Medium
Confidence: 96%
Finding: The skill encourages searching, uploading, and voting against a third-party Raysurfer service but does not clearly warn that task descriptions, code files, and metadata may be transmitted externally. Because code files and task prompts often contain proprietary logic, secrets, internal URLs, or customer data, this omission can lead users to exfiltrate sensitive information unintentionally.

Missing User Warnings

Medium
Confidence: 92%
Finding: The upload command reads arbitrary local files and transmits their contents to a remote Raysurfer API, but the CLI does not give an explicit warning or confirmation that selected code/data will leave the host. In an agent skill context, this is risky because agents may upload sensitive source, secrets, or proprietary files based only on task context, causing unintended exfiltration.

Missing User Warnings

Medium
Confidence: 94%
Finding: The files command writes remotely retrieved content directly to disk using server-provided filenames without warning the user about local file creation or overwrite behavior. In an agent environment this is more dangerous because remote content may be untrusted, and unsanitized filenames can enable path traversal or overwriting of files outside the intended cache directory.

VirusTotal

63/63 vendors flagged this skill as clean.