ClawHub
Back to skill

Security audit

Ada Agent Autonomy Kit

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it is built to make an agent keep working unattended, edit project coordination files, and optionally post updates externally without enough scoping or safeguards.

Install only if you explicitly want an agent to run recurring or unattended work sessions. Before enabling it, define the allowed task queue, writable files, maximum runtime, approval rules for destructive or external actions, and what may be posted to Slack or Discord. Avoid using it in repositories with secrets or sensitive customer data unless external reporting is disabled or tightly controlled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README explicitly instructs the agent to read a shared task queue, perform work, and update queue and memory files autonomously, but it does not warn users that unattended writes can modify repository state, overwrite human edits, or create unintended changes. In an autonomy-focused skill, these file mutations are a core behavior, so the lack of safety guardrails materially increases the chance of accidental data loss or unauthorized repository changes.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README promotes continuous operation via frequent heartbeats and unattended cron-triggered work sessions, including overnight execution, without warning about the risks of autonomous actions occurring when no human is supervising. In this context, the skill is specifically designed to keep working without prompts, which increases the likelihood of compounding mistakes, unintended external actions, and policy-violating behavior over long unattended periods.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill encourages agents to post progress, handoffs, blockers, and discoveries to Discord or Slack, but provides no privacy, confidentiality, or disclosure warning about what information may be sent to third-party channels. Because autonomous agents may summarize internal work products or repository contents, this can lead to accidental leakage of sensitive project details, credentials, or personal data.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The description 'Stop waiting for prompts. Keep working.' is broad and encourages autonomous behavior without stating any scope, approval boundary, or trigger conditions. In an agent skill, vague autonomy cues can cause the skill to be selected in ordinary contexts and push an agent toward taking unrequested actions.

Vague Triggers

Medium
Confidence
93% confidence
Finding
This section repeatedly promotes proactive and continuous operation, including 'do work, don't just check' and 'Work until limits hit,' without guardrails for consent, scope, or stop conditions. In context, this can normalize runaway agent behavior, unauthorized actions, or persistent task execution beyond what the user intended.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The quick-start instructions tell users to set up cron jobs for overnight work and daily reports but provide no warning about background execution, system resource use, unintended actions, or review requirements. Scheduled autonomous execution increases risk because it can continue operating when the user is absent, making mistakes or causing changes to accumulate unnoticed.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The heartbeat directs the agent to autonomously read the task queue, select work, perform actions, and update project state without requiring a fresh user prompt or explicit safety boundaries. In an autonomy-focused skill ('Stop waiting for prompts. Keep working.'), these broad instructions can become de facto activation guidance that encourages self-initiated actions on user/project data, increasing the risk of unintended modifications or overreach.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The instructions explicitly tell the agent to update the queue, log activity to memory files, and add newly discovered tasks, but they provide no warning about modifying user/project data or verifying write permissions and correctness first. Because this skill is designed to keep acting during idle time, it normalizes persistent state changes and can cause silent, unauthorized, or erroneous edits to project artifacts.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.