Auto Iterate

Security checks across malware telemetry and agentic risk

Overview

This skill does what its automated-experiment purpose requires, but it can run shell commands, rewrite repository history, and keep going unattended with no firm limits.

Install it only if you deliberately want an agent to edit and test code on its own. Before starting:
  • Run it in a clean, disposable branch or git worktree, never in the checkout you are working in.
  • Set explicit time and iteration limits rather than relying on the skill to stop by itself.
  • Verify that the run command cannot deploy, delete data, reach production systems, or incur unexpected costs.
  • Commit or back up any local work you care about.
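The checklist above can be enforced rather than remembered. The following is an added example (not the skill's own code and not part of SkillSpector): a small Python harness that creates a disposable worktree, statically screens the run command against a heuristic denylist, compares what the agent actually changed against the scope it declared, and runs the loop under hard iteration and wall-clock caps. All names (`check_run_command`, `check_scope`, `run_bounded`, `make_disposable_worktree`) and the denylist contents are assumptions chosen for this example; the denylist narrows mistakes but does not replace running the agent in an isolated sandbox.

```python
"""Guardrails for an unattended edit-and-test loop (added example, not the
skill's own code): a disposable worktree, a static check of the run command,
a scope check on what the agent actually changed, and a hard iteration and
wall-clock budget. The denylist is a heuristic; it narrows mistakes, it does
not replace running the agent in an isolated sandbox."""
import re
import subprocess
import sys
import time

PYTHON = sys.executable  # interpreter used by the self-demo below

# Heuristic denylist (constructed for this example): commands that deploy,
# destroy data, touch production, or spend money should never be the
# "run command" of an unattended loop. Extend it for your environment.
FORBIDDEN_PATTERNS = [
    (r"\brm\s+-[a-z]*r", "recursive delete"),
    (r"\bgit\s+push\b", "pushes to a remote"),
    (r"\bgit\s+(reset\s+--hard|clean\s+-[a-z]*f)", "discards local work"),
    (r"\b(kubectl|helm|terraform|pulumi|ansible-playbook)\b", "infrastructure tool"),
    (r"\b(aws|gcloud|az)\s", "cloud CLI (can incur cost)"),
    (r"\bdocker\s+push\b", "publishes an image"),
    (r"\b(drop|truncate)\s+(table|database)\b", "destructive SQL"),
    (r"\bprod(uction)?\b", "references a production name"),
    (r"\bcurl\b.*(\s-d\s|--data)", "sends data externally"),
]


def check_run_command(cmd: str) -> list[str]:
    """Return the reasons a run command is unsafe to loop unattended (empty list = ok)."""
    return [why for pat, why in FORBIDDEN_PATTERNS
            if re.search(pat, cmd, re.IGNORECASE)]


def check_scope(changed_paths: list[str], allowed_paths: list[str]) -> list[str]:
    """Paths the agent touched that lie outside the scope it declared.

    A skill that promises to edit one target file but also writes
    results.tsv and run.log shows up here as two unexpected paths.
    """
    allowed = set(allowed_paths)
    return sorted(p for p in changed_paths if p not in allowed)


def changed_paths_in(worktree: str) -> list[str]:
    """Files git reports as modified or untracked in a worktree (porcelain v1: 'XY path')."""
    out = subprocess.run(["git", "-C", worktree, "status", "--porcelain"],
                         capture_output=True, text=True, check=True).stdout
    return [line[3:] for line in out.splitlines() if line]


def make_disposable_worktree(repo: str, branch: str, path: str) -> None:
    """Check out a throwaway branch in its own directory so the agent never
    edits the checkout you work in; remove the directory and branch afterwards."""
    subprocess.run(["git", "-C", repo, "worktree", "add", "-b", branch, path], check=True)


def run_bounded(argv: list[str], max_iters: int, max_seconds: float, cwd=None) -> dict:
    """Run argv repeatedly with hard caps on iterations and wall-clock time.

    Also stops on the first non-zero exit: an unattended loop should not keep
    retrying a failing command. Returns {"iterations": completed, "stopped": why}.
    """
    start = time.monotonic()
    done = 0
    while done < max_iters:
        remaining = max_seconds - (time.monotonic() - start)
        if remaining <= 0:
            return {"iterations": done, "stopped": "timeout"}
        try:
            result = subprocess.run(argv, cwd=cwd, timeout=remaining, capture_output=True)
        except subprocess.TimeoutExpired:  # subprocess.run kills the child for us
            return {"iterations": done, "stopped": "timeout"}
        done += 1
        if result.returncode != 0:
            return {"iterations": done, "stopped": f"exit {result.returncode}"}
    return {"iterations": done, "stopped": "max_iters"}


if __name__ == "__main__":
    # Constructed inputs: one benign run command and one that must be refused.
    for cmd in ("python train.py --epochs 3", "aws s3 sync out/ s3://bucket && rm -rf data/"):
        print(cmd, "->", check_run_command(cmd) or "ok")
    print(check_scope(["model.py", "results.tsv", "run.log"], ["model.py"]))
    print(run_bounded([PYTHON, "-c", "pass"], max_iters=3, max_seconds=30))
```

In practice you would call `make_disposable_worktree` once, refuse to start if `check_run_command` returns anything, run the loop with `run_bounded`, and then feed `changed_paths_in(worktree)` to `check_scope` before deciding whether any of the agent's changes are worth merging.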

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding
The skill promises that only a single user-specified target file will be modified, but its workflow also creates a git branch, writes results.tsv and run.log, and changes repository state. This mismatch can mislead users about the true scope of side effects and cause unintended changes outside the declared boundary.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding
The documentation states that only the target file may be modified, yet the procedure explicitly initializes and appends to results.tsv and writes run.log. Contradictory safety boundaries are dangerous because users may grant permission based on a narrower modification scope than the skill actually uses.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The activation description includes broad phrases such as '自动优化' ("auto-optimize"), '帮我跑优化实验' ("help me run an optimization experiment"), and 'overnight experiment', all of which are common natural-language requests. This raises the chance that a high-impact skill able to run shell commands, edit files, and alter git history is invoked by accident, without the user explicitly selecting it.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
The skill instructs baseline execution, repeated shell command runs, file writes, and repository changes as part of setup, but does not present a strong upfront warning summarizing these system-affecting actions and their risks. Users may unknowingly authorize destructive or expensive operations because the dangerous behavior is embedded in procedural steps rather than surfaced as explicit consent.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill explicitly says to never stop and to continue unattended, which encourages long-running autonomous operation without periodic user checkpoints. In the context of tools that can edit code and invoke Bash, unattended persistence amplifies the risk of resource abuse, runaway experiments, unintended repository churn, and cumulative damage from bad assumptions.

VirusTotal

64 of 64 vendors reported no detection for this skill. VirusTotal matches the packaged files against known malware signatures; a clean scan says nothing about the behavioral risks listed in the findings above.
