Codex Conductor

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed software-delivery orchestrator that writes project documentation, runs user-supplied validation commands, and delegates tasks to selected coding agents as part of its stated workflow.

Install this only for trusted project workspaces where you want an agent to scaffold docs, update project workflow files, run validation commands, and delegate implementation tasks to coding-agent CLIs. Prefer gated mode for unfamiliar or sensitive projects, review generated prompts and validation commands before running them, and avoid using full-auto behavior in repositories where unintended code changes would be costly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill instructs the agent to read multiple local reference files and execute numerous Python scripts that can write documentation, update orchestrator state, and run shell commands, yet it declares no permissions. This mismatch is dangerous because it obscures the skill's effective capabilities from any permission or trust model and could allow users or systems to invoke a broadly powerful workflow without informed consent.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The description positions the skill as a general-purpose end-to-end software delivery orchestrator for broad situations like 'full lifecycle delivery,' which is an overly broad invocation condition for a skill that can read files, write project artifacts, and execute shell commands. Broad triggering increases the chance the skill is invoked in contexts where its powerful operational behavior is unnecessary, causing excessive access, unintended changes, or execution of risky commands.

VirusTotal

64/64 vendors flagged this skill as clean.