CLAUDE.md Auto Discovery

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is useful for loading CLAUDE.md project instructions, but it can automatically turn local files into high-priority agent instructions without user review.

Before installing, inspect CLAUDE.md files in the project and parent directories, including any leading-space ' CLAUDE.md' file. Avoid using this in untrusted repositories unless the skill asks for confirmation and clearly shows which files it will load.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A malicious, compromised, or accidental CLAUDE.md file in a project or parent folder could redirect the agent's behavior before you explicitly approve it.

Why it was flagged

The skill's instructions call for automatic execution on every user message and injection of loaded file contents into the system context, which makes local project files authoritative over the agent without user review.

Skill content
## Trigger conditions
- Executes automatically whenever the user sends a message
- No manual invocation by the user required

## Implementation
- ...
- Inject into the system context

Recommendation

Use this only in trusted workspaces. Prefer a version that shows exactly which files will be loaded, asks for confirmation, and treats CLAUDE.md contents as untrusted project context rather than system-level instructions.

What this means

A hidden or parent-directory CLAUDE.md can keep influencing agent sessions until the file is found and removed or changed.

Why it was flagged

The implementation searches persistent files in the current directory and parent directories, including a leading-space filename, then loads their contents into context. Those files can be poisoned and repeatedly reused.

Skill content
// Probes the start directory and up to three parent directories,
// checking both 'CLAUDE.md' and the leading-space ' CLAUDE.md' variant
for (let i = 0; i < 4; i++) {
  paths.push(resolve(current, 'CLAUDE.md'));
  paths.push(resolve(current, ' CLAUDE.md'));
  ...
  current = parent; // climb one level regardless of any project root
}

Recommendation

Constrain discovery to an explicit project root, display all loaded paths, avoid loading leading-space filenames by default, and require user approval before adding persistent file content to the agent context.