Super Dev Pipeline

Security checks across malware telemetry and agentic risk

Overview

This skill matches its development-pipeline purpose, but it asks for broad project access and exposes an under-scoped command runner that users should review before installing.

Install only if you trust the external Super Dev CLI/plugin. Use it in a branch or disposable worktree, review generated diffs before merging, avoid secret-heavy projects unless offline/data-sharing behavior is clear, and treat any super_dev_run command as high impact because the skill documents it as accepting arbitrary CLI commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Context-Inappropriate Capability

Medium (96% confidence)
Finding
The documented `super_dev_run` tool accepts an arbitrary `command: 任意 CLI 命令` (any CLI command), which materially exceeds a narrowly scoped governance skill and creates a generic command-execution surface. In an agent context, this can be abused to run destructive local commands, access sensitive files, invoke network-capable binaries, or bypass the intended phase gates through arbitrary shell behavior.

Intent-Code Divergence

Medium (83% confidence)
Finding
The skill states that the agent handles file I/O, yet later imposes mandatory reads of `knowledge/`, cached bundles, and prompt files as a hard contract. This inconsistency encourages the agent to perform broad file access under the authority of the skill, potentially exposing sensitive repository contents or causing the agent to trust adversarial files as mandatory constraints.

Missing User Warnings

Medium (89% confidence)
Finding
The deployment step directs configuration of CI/CD and Docker-related setup without warning the user that this may modify repository config, deployment manifests, secrets handling, or external service integrations. In practice, such actions can introduce unintended infrastructure changes, leak deployment metadata, or trigger risky automation in a project the user did not intend to alter yet.

Missing User Warnings

Medium (91% confidence)
Finding
The skill instructs the agent to immediately activate the pipeline and call `super_dev_pipeline` on first trigger, without first warning about file reads, file writes, generated artifacts, or other side effects. This weakens informed consent and increases the chance that a casual invocation causes nontrivial project modifications before the user understands the consequences.

Missing User Warnings

Medium (87% confidence)
Finding
The pipeline explicitly allows online research during Stage 1 ('联网研究同类产品', i.e. researching comparable products online) but does not mention any user notice, consent, or restrictions on what data may be sent to external services. In an agent skill that processes user requirements and local knowledge bases, this creates a real risk of transmitting sensitive project details, proprietary code context, or personal data to third-party systems without the user's awareness.

VirusTotal

65/65 vendors flagged this skill as clean.