ACE Copilot

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate IBM ACE helper, but it needs review because it includes broad activation plus powerful deployment, credential, and diagnostic guidance without enough safeguards.

Install only for IBM ACE/App Connect Enterprise work. Treat its deployment, undeploy, delete, trace, diagnostic bundle, and credential commands as production-impacting: verify targets, require explicit user confirmation, avoid placing real secrets on command lines, and redact or protect trace and support files before sharing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Severity: High
Confidence: 95%

Finding:
The instruction to trigger the skill 'when in doubt' materially weakens scoping and can cause the agent to invoke this skill for ambiguous or only loosely related requests. In a skill that can guide code changes, deployments, and PR workflows, unintended activation increases the chance of irrelevant or risky operational guidance being applied in the wrong context.

Vague Triggers

Severity: Medium
Confidence: 88%

Finding:
The catch-all phrase 'any ACE-specific development tasks' is overly broad because it lacks concrete boundaries, allowing the skill to match a wide range of actions without sufficient context checks. While not an exploit primitive by itself, it can contribute to over-triggering and inappropriate use of a domain-specialized skill in mixed or uncertain environments.

Missing User Warnings

Severity: Medium
Confidence: 88%

Finding:
The examples show credentials and passwords supplied directly on the command line without any warning about secret handling. This is dangerous because command-line secrets may be exposed via shell history, process listings, logs, screenshots, or copied documentation, increasing the chance of credential leakage in real environments.

Missing User Warnings

Severity: Medium
Confidence: 93%

Finding:
The troubleshooting guide instructs operators to enable and read ACE user trace, and the same document explicitly shows that trace entries can include full message bodies. In ACE environments, those payloads often contain PII, credentials, business data, or tokens, so collecting and storing traces in /tmp without a sensitivity warning or handling guidance can expose confidential data during routine debugging.

Missing User Warnings

Severity: Medium
Confidence: 95%

Finding:
The guide recommends creating a diagnostic bundle with mqsicapture and notes that it contains configuration, logs, flow definitions, and system information, but it does not warn that these artifacts may include secrets, connection details, internal topology, and sensitive business metadata. Such archives are commonly shared with support or moved between systems, increasing the risk of unintended disclosure.

VirusTotal

65/65 vendors flagged this skill as clean.