Project Router

Security checks across malware telemetry and agentic risk

Overview

Project Router matches its project-management purpose, but it needs review because it can run repository-defined shell commands and apply file-writing plans without built-in approval gates.

Install only for trusted workspaces. Inspect `.project/targets.json` before running any target, inspect plan JSON before applying it, avoid enabling the MCP server for unfamiliar repositories, and verify that the server is invoking the reviewed project CLI rather than an unrelated local binary.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 95%

Finding: The CLI executes target commands from `.project/targets.json` via `spawnSync` with `shell: true`, which allows arbitrary shell execution from repository-controlled configuration. In a terminal-first project bootstrapper, users are likely to run targets in untrusted or newly cloned workspaces, so hidden or modified target definitions can directly execute attacker-controlled commands without any warning, review, or consent step.

Missing User Warnings

Severity: Medium
Confidence: 92%

Finding: The `project_target_run` tool directly executes project-defined targets from `.project/targets.json` with no confirmation, policy check, or allowlist. In this skill's context, project metadata may come from the current workspace and therefore from untrusted repositories, so exposing a one-call execution path can lead to arbitrary command execution through socially induced or automated tool invocation.

Missing User Warnings

Severity: Medium
Confidence: 83%

Finding: The `project_plan_apply` path performs state-changing operations by applying a plan ID without any confirmation or guardrail in this server layer. Because this skill is a terminal-first workspace manager intended to modify project state, an agent or user could be induced to apply a malicious or unsafe plan that writes files or changes workspace configuration.

VirusTotal

66/66 vendors flagged this skill as clean.
