Macro Pipeline

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about autonomous pipeline automation, but it grants persistent repo-changing authority and includes Discord notifications without enough scoping or privacy controls.

Install only if you intentionally want a recurring autonomous agent that can change and commit repository files. Before enabling cron, review every pipeline step, restrict commands and touched files, remove or explicitly approve Discord notifications, and confirm you know how to disable the cron job and unlock HEARTBEAT.md.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill is presented as a pipeline/planning utility, but it also instructs agents to send Discord notifications. That expands the capability surface from local project orchestration into external communications, which can leak task status, repository details, or sensitive outputs without the user's explicit awareness. In a cron-driven autonomous skill, undocumented outbound messaging is more dangerous because it can happen repeatedly without an active human in the loop.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The Discord notification instruction introduces an external messaging channel that is not necessary for the core advertised function of managing pipeline documents. This creates a data-exfiltration and privacy risk, especially if summaries, errors, artifacts, project names, or file paths are included in notifications from autonomous runs.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill enables autonomous cron execution that reads instructions, updates repository files, and creates commits, yet the opening description does not clearly warn users about these side effects. Missing disclosure is dangerous because users may invoke the skill expecting planning help, not persistent background automation that modifies tracked files over time.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill instructs agents to notify Discord but does not warn about privacy or data transmission implications. In context, autonomous task execution may send operational details, errors, artifacts, or project identifiers to a third-party service, creating avoidable confidentiality and compliance risk.

VirusTotal

65/65 vendors flagged this skill as clean.